opexxx

446071be407efeb4e0d7c83bb504774a

Dec 4th, 2015
  1.  
  2. Bot Communication Details:
  3. Server DNS Name: apotheke-stiepel.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  4. Direction   Command User-Agent  Host    Connection  Pragma
  5. GET /tmp/misc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko apotheke-stiepel.com    Keep-Alive
  15. GET /tmp/misc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko apotheke-stiepel.com    Keep-Alive
  25. GET /tmp/misc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko apotheke-stiepel.com    Keep-Alive
  35. Server DNS Name: leboudoirdesbrunettes.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  36. Direction   Command User-Agent  Host    Connection  Pragma
  37. GET /wp-content/uploads/misc.php?[hex query string removed] HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko leboudoirdesbrunettes.com   Keep-Alive
  47. GET /wp-content/uploads/misc.php?[hex query string removed] HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko leboudoirdesbrunettes.com   Keep-Alive
  57. GET /wp-content/uploads/misc.php?[hex query string removed] HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko leboudoirdesbrunettes.com   Keep-Alive
  67. Server DNS Name: myexternalip.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  68. Direction   Command User-Agent  Host    Connection  Pragma
  69. GET /raw HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko myexternalip.com       
  70. GET /raw HTTP/1.1   Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko myexternalip.com       
  71. Server DNS Name: regiefernando.me   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  72. Direction   Command User-Agent  Host    Connection  Pragma
  73. GET /images/slideshow/sysmisc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive
  83. GET /images/slideshow/sysmisc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive
  93. Server DNS Name: schriebershof.de   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  94. Direction   Command User-Agent  Host    Connection  Pragma
  95. GET /tmp/misc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko schriebershof.de    Keep-Alive
  105. GET /tmp/misc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko schriebershof.de    Keep-Alive
  115. Server DNS Name: woodenden.com   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  116. Direction   Command User-Agent  Host    Connection  Pragma
  117. GET /sysmisc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko woodenden.com   Keep-Alive
  126. GET /sysmisc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko woodenden.com   Keep-Alive
  135.  
  136. Callback communication observed from VM:
  137. Server DNS Name: 199.16.199.3   Service Port: 80  Signature Name: Trojan.TeslaCrypt
  138. Direction   Command User-Agent  Host    Connection  Pragma
  139. GET /images/slideshow/sysmisc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive
  149. GET /images/slideshow/sysmisc.php?[hex query string removed] HTTP/1.1  Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko regiefernando.me    Keep-Alive
  159.  
  160. Suspicious network behavior observed from VM:
  161.  
  162. Download Source Headers
  163. GET    
  164.  /kldf/cachec50da2243ebb9d634cfad3427cafcc61/73.exe?1 HTTP/1.1
  165.     Server     
  166.  Apache
  167. Host   
  168.  baneyconstruction.com
  169.     Last-Modified  
  170.  Thu, 03 Dec 2015 09:50:03 GMT
  171. User-Agent     
  172.  Mozilla/5.0 (Windows NT 6.3; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
  173.     ETag   
  174.  "61c00-525fb509feb78"
  175. Accept     
  176.  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  177.     Accept-Ranges  
  178.  bytes
  179. Accept-Language    
  180.  de,en-US;q=0.7,en;q=0.3
  181.     Content-Length     
  182.  400384
  183. Accept-Encoding    
  184.  gzip, deflate
  185.     Keep-Alive     
  186.  timeout=5, max=100
  187. Connection     
  188.  keep-alive
  189.     Connection     
  190.  Keep-Alive
  191. HTTP   
  192.  1.1 200 OK
  193.     Content-Type   
  194.  application/x-msdownload
  195. Date   
  196.  Thu, 03 Dec 2015 09:51:45 GMT
  197.        
  198. OS Change Detail   (version: 1.1290)     | Items: 997  | OS Info: Microsoft Windows7 64-bit 6.1 sp1 15.0826   Top
  199. Type    Mode/Class  Details (Path/Message/Protocol/Hostname/Qtype/ListenPort etc.)  Process ID  Parent ID   File Size
  200. Analysis   
  201. Malware
  202.    
  203.              
  204. Application
  205.    
  206.              
  207. 3 Repeated items skipped
  208. Config  Update 
  209.    
  210.              
  211. Uac
  212. Service
  213.    
  214. Multimedia Class Scheduler
  215.              
  216. Process
  217. Started
  218.    
  219. C:\Users\Administrator\AppData\Local\Temp\73.exe
  220.   Parentname:  C:\Windows\explorer.exe
  221.   Command Line:  "C:\Users\Administrator\AppData\Local\Temp\73.exe"
  222.   MD5:  446071be407efeb4e0d7c83bb504774a
  223.   SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  224.     2252    1092    400384
  225. Uac
  226. Service
  227.    
  228. Windows Error Reporting Service
  229.              
  230. File   
  231. Failed
  232.    
  233. C:\Windows\System32\WOW64LOG.DLL
  234.     2252         
  235. Regkey 
  236. Queryvalue
  237.    
  238. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  239.     2252         
  240. File   
  241. Failed
  242.    
  243. C:\Users\ADMINI~1\AppData\Local\Temp\A.CONFIG
  244.     2252         
  245. API Call   
  246.    
  247.  API Name:  Sleep   Address:  0x0042232d
  248.  Params:  [15]
  249.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  250.     2252         
  251. API Call   
  252.    
  253.  API Name:  Sleep   Address:  0x0042232d
  254.  Params:  [15]
  255.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  256.     2252         
  257. API Call   
  258.    
  259.  API Name:  Sleep   Address:  0x0042232d
  260.  Params:  [15]
  261.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  262.     2252         
  263. File   
  264. Failed
  265.    
  266. C:\Users\ADMINI~1\AppData\Local\Temp\A
  267.     2252         
  268. File   
  269. Failed
  270.    
  271. C:\Users\Administrator\AppData\Local\Temp\MPR.DLL
  272.     2252         
  273. Mutex  
  274.    
  275. \Sessions\1\BaseNamedObjects\DBWinMutex
  276.     2252         
  277. File   
  278. Failed
  279.    
  280. C:\Windows\SysWOW64\RPCSS.DLL
  281.     2252         
  282. API Call   
  283.    
  284.  API Name:  Sleep   Address:  0x0042232d
  285.  Params:  [15]
  286.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  287.     2252         
  288. API Call   
  289.    
  290.  API Name:  Sleep   Address:  0x0042232d
  291.  Params:  [15]
  292.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  293.     2252         
  294. 5 Repeated items skipped
  295. API Call   
  296.    
  297.  API Name:  GetSystemDirectoryW   Address:  0x7732f96e
  298.  Params:  [0x77396420, 260]
  299.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  300.     2252         
  301. Mutex  
  302.    
  303. \Sessions\1\BaseNamedObjects\AMResourceMutex3
  304.     2252         
  305. File   
  306. Failed
  307.    
  308. C:\Users\Administrator\AppData\Local\Temp\DWMAPI.DLL
  309.     2252         
  310. File   
  311. Failed
  312.    
  313. C:\Users\Administrator\AppData\Local\Temp\MSVFW32.DLL
  314.     2252         
  315. File   
  316. Failed
  317.    
  318. C:\Users\Administrator\AppData\Local\Temp\PROFAPI.DLL
  319.     2252         
  320. API Call   
  321.    
  322.  API Name:  NtAdjustPrivilegesToken   Address:  0x7584ca4f
  323.  Params:  [SeDebugPrivilege, Enabled]
  324.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  ntdll.dll
  325.     2252         
  326. API Call   
  327.    
  328.  API Name:  GetTokenInformation   Address:  0x0041e934
  329.  Params:  [0x1bc, 0x19]
  330.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  advapi32.dll
  331.     2252         
  332. API Call   
  333.    
  334.  API Name:  GetTokenInformation   Address:  0x0041e976
  335.  Params:  [0x1bc, 0x19]
  336.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  advapi32.dll
  337.     2252         
  338. API Call   
  339.    
  340.  API Name:  Sleep   Address:  0x0042232d
  341.  Params:  [15]
  342.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  343.     2252         
  344. API Call   
  345.    
  346.  API Name:  Sleep   Address:  0x0042232d
  347.  Params:  [15]
  348.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  349.     2252         
  350. 4 Repeated items skipped
  351. File   
  352. Failed
  353.    
  354. C:\Users\Administrator\AppData\Roaming\73.EXE
  355.     2252         
  356. File   
  357. Created
  358.    
  359. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  360.     2252         
  361. Malicious  Alert   
  362. Malicious  Directory
  363.    
  364. Message:   Executable file created in suspicious location    Detail:   Process creating executable file in suspicious location  
  365.              
  366. Malicious  Alert   
  367. Misc  Anom
  368.    
  369. Message:   Generic Trojan Behavior    Detail:   Generic Trojan Behavior  
  370.              
  371. File   
  372. Open
  373.    
  374. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  375.     2252         
  376. File   
  377. Date  Change
  378.    
  379. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  380.     2252        400384
  381. File   
  382. Close
  383.    
  384. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  385.  MD5:  446071be407efeb4e0d7c83bb504774a
  386.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  387.     2252        400384
  388. Process
  389. Started
  390.    
  391. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  392.  Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  393.  Command Line:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  394.  MD5:  446071be407efeb4e0d7c83bb504774a
  395.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  396.     328 2252    400384
  397. Malicious  Alert   
  398. Process  Cloned
  399.    
  400. Message:   Process clones and starts itself    Detail:   Process clones and starts itself  
  401.              
  402. File   
  403. Failed
  404.    
  405. C:\Users\Administrator\AppData\Roaming\UI\SWDRM.DLL
  406.     2252         
  407. API Call   
  408.    
  409.  API Name:  ShellExecuteW   Address:  0x0041f88d
  410.  Params:  [0x0, NULL, C:\Windows\system32\cmd.exe, /c DEL C:\Users\ADMINI~1\AppData\Local\Temp\73.exe, NULL, 0]
  411.  Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  Shell32.dll
  412.     2252         
  413. Malicious  Alert   
  414. Generic  Anomalous  Activity
  415.    
  416. Message:   Hidden ShellExecute call made    Detail:   Hidden ShellExecute call made  
  417.              
  418. File   
  419. Failed
  420.    
  421. C:\Users\Administrator\AppData\Local\Temp\PROPSYS.DLL
  422.     2252         
  423. File   
  424. Failed
  425.    
  426. C:\Windows\System32\WOW64LOG.DLL
  427.     328      
  428. Regkey 
  429. Queryvalue
  430.    
  431. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  432.     328      
  433. File   
  434. Failed
  435.    
  436. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches
  437.     2252         
  438. File   
  439. Failed
  440.    
  441. C:\Users\Administrator\AppData\Local\Temp\NTMARTA.DLL
  442.     2252         
  443. File   
  444. Failed
  445.    
  446. C:\Users\Administrator\AppData\Local\Temp\CRYPTSP.DLL
  447.     2252         
  448. File   
  449. Failed
  450.    
  451. C:\Users\Administrator\AppData\Local\Temp\RPCRTREMOTE.DLL
  452.     2252         
  453. API Call   
  454.    
  455.   API Name:  Sleep   Address:  0x7760d98d
  456.   Params:  [60000]
  457.   Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  458.     2252         
  459. File   
  460. Failed
  461.    
  462. C:\Users\Administrator\AppData\Local\Temp\SECUR32.DLL
  463.     2252         
  464. Mutex  
  465.    
  466. \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
  467.     2252         
  468. Regkey 
  469. Deleteval
  470.    
  471. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  472.    on\Internet Settings\ZoneMap\"ProxyBypass"
  473.     2252         
  474. Regkey 
  475. Deleteval
  476.    
  477. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"P
  478.   roxyBypass"
  479.     2252         
  480. Regkey 
  481. Deleteval
  482.    
  483. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  484.    on\Internet Settings\ZoneMap\"IntranetName"
  485.     2252         
  486. Regkey 
  487. Deleteval
  488.    
  489. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"I
  490.   ntranetName"
  491.     2252         
  492. Regkey 
  493. Setval
  494.    
  495. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  496.    on\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  497.     2252         
  498. Regkey 
  499. Setval
  500.    
  501. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  502.   on\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  503.     2252         
  504. Mutex  
  505.    
  506. \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
  507.     2252         
  508. Regkey 
  509. Deleteval
  510.    
  511. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  512.    on\Internet Settings\ZoneMap\"ProxyBypass"
  513.     2252         
  514. Regkey 
  515. Deleteval
  516.    
  517. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"P
  518.   roxyBypass"
  519.     2252         
  520. Regkey 
  521. Deleteval
  522.    
  523. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  524.    on\Internet Settings\ZoneMap\"IntranetName"
  525.     2252         
  526. Regkey 
  527. Deleteval
  528.    
  529. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"I
  530.   ntranetName"
  531.     2252         
  532. Regkey 
  533. Setval
  534.    
  535. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  536.    on\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  537.     2252         
  538. Regkey 
  539. Setval
  540.    
  541. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersi
  542.   on\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  543.     2252         
  544. Folder 
  545. Open
  546.    
  547. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
  548.     2252         
  549. Process
  550. Started
  551.    
  552. C:\Windows\SysWOW64\cmd.exe
  553.   Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  554.   Command Line:  "C:\Windows\system32\cmd.exe" /c DEL C:\Users\ADMINI~1\AppData\Local\Temp\73.exe
  555.   MD5:  ad7b9c14083b52bc532fba5948342b98
  556.   SHA1: ee8cbf12d87c4d388f09b4f69bed2e91682920b5
  557.     1748    2252    302592
  558. File   
  559. Failed
  560.    
  561. C:\Windows\SysWOW64\UI\SWDRM.DLL
  562.     2252         
  563. API Call   
  564.    
  565.   API Name:  GetSystemDirectoryW   Address:  0x77179cce
  566.   Params:  [0x2c1f6cc, 260]
  567.   Imagepath:  C:\Users\Administrator\AppData\Local\Temp\73.exe   DLL Name:  kernel32.dll
  568.     2252         
  569. File   
  570. Failed
  571.    
  572. C:\Windows\System32\WOW64LOG.DLL
  573.     1748         
  574. Process
  575. Terminated
  576.    
  577. C:\Users\Administrator\AppData\Local\Temp\73.exe
  578.   Parentname:  C:\Windows\explorer.exe
  579.   Command Line:  N/A
  580.     2252    1092     
  581. Regkey 
  582. Queryvalue
  583.    
  584. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  585.     1748         
  586. File   
  587. Delete
  588.    
  589. C:\Users\Administrator\AppData\Local\Temp\73.exe
  590.  MD5:  446071be407efeb4e0d7c83bb504774a
  591.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  592.     1748        400384
  593. Malicious  Alert   
  594. Self  Delete
  595.    
  596. Message:   Self deletion using batch file    Detail:   Process deleting itself using a batch file  
  597.              
  598. Malicious  Alert   
  599. Self  Delete
  600.    
  601. Message:   Root process deleted    Detail:   Process deleting itself  
  602.              
  603. Process
  604. Terminated
  605.    
  606. C:\Windows\SysWOW64\cmd.exe
  607.  Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  608.  Command Line:  N/A
  609.     1748    2252     
  610. File   
  611. Failed
  612.    
  613. C:\Users\ADMINI~1\AppData\Local\Temp\A.CONFIG
  614.     328      
  615. File   
  616. Failed
  617.    
  618. C:\Users\ADMINI~1\AppData\Local\Temp\A
  619.     328      
  620. API Call   
  621.    
  622.  API Name:  Sleep   Address:  0x0042232d
  623.  Params:  [15]
  624.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  625.     328      
  626. File   
  627. Failed
  628.    
  629. C:\Users\Administrator\AppData\Roaming\MPR.DLL
  630.     328      
  631. Mutex  
  632.    
  633. \Sessions\1\BaseNamedObjects\DBWinMutex
  634.     328      
  635. File   
  636. Failed
  637.    
  638. C:\Windows\SysWOW64\RPCSS.DLL
  639.     328      
  640. API Call   
  641.    
  642.  API Name:  Sleep   Address:  0x0042232d
  643.  Params:  [15]
  644.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  645.     328      
  646. API Call   
  647.    
  648.  API Name:  Sleep   Address:  0x0042232d
  649.  Params:  [15]
  650.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  651.     328      
  652. 7 Repeated items skipped
  653. API Call   
  654.    
  655.  API Name:  GetSystemDirectoryW   Address:  0x7732f96e
  656.  Params:  [0x77396420, 260]
  657.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  658.     328      
  659. Mutex  
  660.    
  661. \Sessions\1\BaseNamedObjects\AMResourceMutex3
  662.     328      
  663. API Call   
  664.    
  665.  API Name:  NtAdjustPrivilegesToken   Address:  0x7584ca4f
  666.  Params:  [SeDebugPrivilege, Enabled]
  667.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  ntdll.dll
  668.     328      
  669. API Call   
  670.    
  671.  API Name:  GetTokenInformation   Address:  0x0041e934
  672.  Params:  [0x1bc, 0x19]
  673.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  674.     328      
  675. API Call   
  676.    
  677.  API Name:  GetTokenInformation   Address:  0x0041e976
  678.  Params:  [0x1bc, 0x19]
  679.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  680.     328      
  681. API Call   
  682.    
  683.  API Name:  Sleep   Address:  0x0042232d
  684.  Params:  [15]
  685.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  686.     328      
  687. API Call   
  688.    
  689.  API Name:  Sleep   Address:  0x0042232d
  690.  Params:  [15]
  691.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  692.     328      
  693. API Call   
  694.    
  695.  API Name:  Sleep   Address:  0x0042232d
  696.  Params:  [15]
  697.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  698.     328      
  699. File   
  700. Failed
  701.    
  702. C:\Users\Administrator\AppData\Roaming\DWMAPI.DLL
  703.     328      
  704. API Call   
  705.    
  706.  API Name:  Sleep   Address:  0x0042232d
  707.  Params:  [15]
  708.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  709.     328      
  710. File   
  711. Failed
  712.    
  713. C:\Users\Administrator\AppData\Roaming\MSVFW32.DLL
  714.     328      
  715. API Call   
  716.    
  717.  API Name:  Sleep   Address:  0x0042232d
  718.  Params:  [15]
  719.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  720.     328      
  721. File   
  722. Failed
  723.    
  724. C:\Users\Administrator\AppData\Roaming\PROFAPI.DLL
  725.     328      
  726. Mutex  
  727.    
  728. \Sessions\1\BaseNamedObjects\78456214324124
  729.     328      
  730. File   
  731. Failed
  732.    
  733. C:\Users\Administrator\AppData\Roaming\BCDEDIT.EXE
  734.     328      
  735. File   
  736. Failed
  737.    
  738. C:\Users\ADMINI~1\AppData\Local\Temp\bcdedit.exe
  739.     328      
  740. Process
  741. Started
  742.    
  743. C:\Windows\System32\bcdedit.exe
  744.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  745.  Command Line:  bcdedit.exe /set {current} bootems off
  746.  MD5:  780836bb63852990382df27de7fefd20
  747.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  748.     848 328 346112
  749. Regkey 
  750. Queryvalue
  751.    
  752. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  753.     848      
  754. Regkey 
  755. Added
  756.    
  757. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000020
  758.     848      
  759. Regkey 
  760. Setval
  761.    
  762. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000020\"Element" = 00
  764.     848      
  765. Process
  766. Terminated
  767.    
  768. C:\Windows\System32\bcdedit.exe
  769.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  770.  Command Line:  N/A
  771.     848 328  
  772. API Call   
  773.    
  774.  API Name:  Sleep   Address:  0x0041df48
  775.  Params:  [1000]
  776.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  777.     328      
  778. Process
  779. Started
  780.    
  781. C:\Windows\System32\bcdedit.exe
  782.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  783.  Command Line:  bcdedit.exe /set {current} advancedoptions off
  784.  MD5:  780836bb63852990382df27de7fefd20
  785.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  786.     1756    328 346112
  787. Regkey 
  788. Queryvalue
  789.    
  790. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  791.     1756         
  792. Regkey 
  793. Added
  794.    
  795. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000040
  796.     1756         
  797. Regkey 
  798. Setval
  799.    
  800. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000040\"Element" = 00
  802.     1756         
  803. Process
  804. Terminated
  805.    
  806. C:\Windows\System32\bcdedit.exe
  807.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  808.  Command Line:  N/A
  809.     1756    328  
  810. API Call   
  811.    
  812.  API Name:  Sleep   Address:  0x0041df48
  813.  Params:  [1000]
  814.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  815.     328      
  816. Process
  817. Started
  818.    
  819. C:\Windows\System32\bcdedit.exe
  820.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  821.  Command Line:  bcdedit.exe /set {current} optionsedit off
  822.  MD5:  780836bb63852990382df27de7fefd20
  823.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  824.     3048    328 346112
  825. Regkey 
  826. Queryvalue
  827.    
  828. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  829.     3048         
  830. Regkey 
  831. Added
  832.    
  833. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000041
  834.     3048         
  835. Regkey 
  836. Setval
  837.    
  838. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000041\"Element" = 00
  840.     3048         
  841. Process
  842. Terminated
  843.    
  844. C:\Windows\System32\bcdedit.exe
  845.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  846.  Command Line:  N/A
  847.     3048    328  
  848. API Call   
  849.    
  850.  API Name:  Sleep   Address:  0x0041df48
  851.  Params:  [1000]
  852.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  853.     328      
  854. Process
  855. Started
  856.    
  857. C:\Windows\System32\bcdedit.exe
  858.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  859.  Command Line:  bcdedit.exe /set {current} bootstatuspolicy IgnoreAllFailures
  860.  MD5:  780836bb63852990382df27de7fefd20
  861.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  862.     2604    328 346112
  863. Regkey 
  864. Queryvalue
  865.    
  866. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  867.     2604         
  868. Regkey 
  869. Added
  870.    
  871. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\250000e0
  872.     2604         
  873. Regkey 
  874. Setval
  875.    
  876. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\250000e0\"Element" = 01 00 00 00 00 00 00 00
  878.     2604         
  879. Process
  880. Terminated
  881.    
  882. C:\Windows\System32\bcdedit.exe
  883.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  884.  Command Line:  N/A
  885.     2604    328  
  886. API Call   
  887.    
  888.  API Name:  Sleep   Address:  0x0041df48
  889.  Params:  [1000]
  890.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  891.     328      
  892. Process
  893. Started
  894.    
  895. C:\Windows\System32\bcdedit.exe
  896.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  897.  Command Line:  bcdedit.exe /set {current} recoveryenabled off
  898.  MD5:  780836bb63852990382df27de7fefd20
  899.  SHA1: 6feedabbc6576a4bdc68935677b7a01f130b98f2
  900.     2548    328 346112
  901. Regkey 
  902. Queryvalue
  903.    
  904. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  905.     2548         
  906. Regkey 
  907. Setval
  908.    
  909. \REGISTRY\MACHINE\BCD00000000\Objects\{92102341-c2c1-11e2-b94a-fece50bdaf86}\Elements\16000009\"Element" = 00
  911.     2548         
  912. Process
  913. Terminated
  914.    
  915. C:\Windows\System32\bcdedit.exe
  916.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  917.  Command Line:  N/A
  918.     2548    328  
  919. API Call   
  920.    
  921.  API Name:  Sleep   Address:  0x0041df48
  922.  Params:  [1000]
  923.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  924.     328      
  925. Regkey 
  926. Added
  927.    
  928. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\zsys\
  929.     328      
  930. File   
  931. Failed
  932.    
  933. C:\Users\Administrator\AppData\Roaming\NETAPI32.DLL
  934.     328      
  935. File   
  936. Failed
  937.    
  938. C:\Users\Administrator\AppData\Roaming\NETUTILS.DLL
  939.     328      
  940. File   
  941. Failed
  942.    
  943. C:\Users\Administrator\AppData\Roaming\SRVCLI.DLL
  944.     328      
  945. File   
  946. Failed
  947.    
  948. C:\Users\Administrator\AppData\Roaming\WKSCLI.DLL
  949.     328      
  950. File   
  951. Failed
  952.    
  953. C:\Users\Administrator\AppData\Roaming\SCHEDCLI.DLL
  954.     328      
  955. API Call   
  956.    
  957.  API Name:  GetComputerNameExW   Address:  0x76e7ce4b
  958.  Params:  [0, 0x76f10a6c, 0x76f101c0]
  959.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  960.     328      
  961. API Call   
  962.    
  963.  API Name:  CryptAcquireContextW   Address:  0x0041baf8
  964.  Params:  [NULL, NULL, 1, 4026531840]
  965.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  966.     328      
  967. File   
  968. Failed
  969.    
  970. C:\Users\Administrator\AppData\Roaming\CRYPTSP.DLL
  971.     328      
  972. API Call   
  973.    
  974.  API Name:  Process32First   Address:  0x0041bda4
  975.  Params:  [0x208, 0x18d448]
  976.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  977.     328      
  978. Malicious  Alert   
  979. Generic  Anomalous  Activity
  980.    
  981. Message:   Enumerating running processes    Detail:   Process is enumerating running processes  
  982.              
  983. Regkey 
  984. Setval
  985.    
  986. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\zsys\"ID" = e0 e6 ba c4 cd a3 3b b5
  988.     328      
  989. Regkey 
  990. Added
  991.    
  992. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\E0E6BAC4CDA33BB5
  993.     328      
  994. Regkey 
  995. Setval
  996.    
  997. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\E0E6BAC4CDA33BB5\"data"
  1009.     328      
  1010. Regkey 
  1011. Setval
  1012.    
  1013. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"EnableLinkedConnections" = 0x00000001
  1015.     328      
  1016. Malicious  Alert   
  1017. Misc  Anom
  1018.    
  1019. Message:   Process deleting itself    Detail:   Process deleting itself in any manor  
  1020.              
  1021. Regkey 
  1022. Setval
  1023.    
  1024. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Run\"Acronis" = C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  1026.     328      
  1027. API Call   
  1028.    
  1029.  API Name:  CryptAcquireContextA   Address:  0x00412c1f
  1030.  Params:  [NULL, NULL, 1, 4026531840]
  1031.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  advapi32.dll
  1032.     328      
  1033. File   
  1034. Failed
  1035.    
  1036. C:\Users\Administrator\AppData\Roaming\PROPSYS.DLL
  1037.     328      
  1038. API Call   
  1039.    
  1040.  API Name:  GetSystemDirectoryW   Address:  0x75f92cf2
  1041.  Params:  [0x2aafa60, 260]
  1042.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1043.     328      
  1044. API Call   
  1045.    
  1046.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220aaa
  1047.  Params:  [NULL, \\?\Volume{a4dcb962-c2b8-11e2-8b83-806e6f6e6963}\]
  1048.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1049.     328      
  1050. API Call   
  1051.    
  1052.  API Name:  GetSystemDirectoryW   Address:  0x743b56d4
  1053.  Params:  [0x2aaec30, 260]
  1054.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1055.     328      
  1056. API Call   
  1057.    
  1058.  API Name:  GetSystemDirectoryW   Address:  0x743b56d4
  1059.  Params:  [0x2aaebf8, 260]
  1060.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1061.     328      
  1062. API Call   
  1063.    
  1064.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220aaa
  1065.  Params:  [NULL, \\?\Volume{a4dcb962-c2b8-11e2-8b83-806e6f6e6963}\]
  1066.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1067.     328      
  1068. File   
  1069. Failed
  1070.    
  1071. C:\Users\ADMINI~1\AppData\Local\Temp\VSSADMIN.EXE
  1072.     328      
  1073. File   
  1074. Failed
  1075.    
  1076. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches
  1077.     328      
  1078. API Call   
  1079.    
  1080.  API Name:  GetSystemDirectoryW   Address:  0x77179cce
  1081.  Params:  [0x2d1f6cc, 260]
  1082.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1083.     328      
  1084. File   
  1085. Failed
  1086.    
  1087. C:\Users\Administrator\AppData\Roaming\NTMARTA.DLL
  1088.     328      
  1089. File   
  1090. Failed
  1091.    
  1092. C:\Users\Administrator\AppData\Roaming\SECUR32.DLL
  1093.     328      
  1094. Mutex  
  1095.    
  1096. \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
  1097.     328      
  1098. Regkey 
  1099. Deleteval
  1100.    
  1101. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
  1103.     328      
  1104. Regkey 
  1105. Deleteval
  1106.    
  1107. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
  1109.     328      
  1110. Regkey 
  1111. Deleteval
  1112.    
  1113. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
  1115.     328      
  1116. Regkey 
  1117. Deleteval
  1118.    
  1119. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
  1121.     328      
  1122. Regkey 
  1123. Setval
  1124.    
  1125. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  1127.     328      
  1128. Regkey 
  1129. Setval
  1130.    
  1131. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  1133.     328      
  1134. Mutex  
  1135.    
  1136. \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
  1137.     328      
  1138. Regkey 
  1139. Deleteval
  1140.    
  1141. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
  1143.     328      
  1144. Regkey 
  1145. Deleteval
  1146.    
  1147. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
  1149.     328      
  1150. Regkey 
  1151. Deleteval
  1152.    
  1153. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
  1155.     328      
  1156. Regkey 
  1157. Deleteval
  1158.    
  1159. \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
  1161.     328      
  1162. Regkey 
  1163. Setval
  1164.    
  1165. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
  1167.     328      
  1168. Regkey 
  1169. Setval
  1170.    
  1171. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  1173.     328      
  1174. Folder 
  1175. Open
  1176.    
  1177. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
  1178.     328      
  1179. File   
  1180. Created
  1181.    
  1182. C:\Users\Administrator\Documents\recover_file_brvwbqpck.txt
  1183.     328      
  1184. File   
  1185. Close
  1186.    
  1187. C:\Users\Administrator\Documents\recover_file_brvwbqpck.txt
  1188.  MD5:  ea9cb64cffd1adb09d964c1e202861d9
  1189.  SHA1: fe160fe8991773f9ca44999b34a398a5b32b0766
  1190.     328     254
  1191. Process
  1192. Started
  1193.    
  1194. C:\Windows\System32\vssadmin.exe
  1195.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  1196.  Command Line:  "C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
  1197.  MD5:  e23dd973e1444684eb36365deff1fc74
  1198.  SHA1: 09fafeb1b8404124b33c44440be7e3fdb6105f8a
  1199.     2336    328 167424
  1200. File   
  1201. Failed
  1202.    
  1203. C:\Users\Administrator\AppData\Roaming\API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL
  1204.     328      
  1205. API Call   
  1206.    
  1207.  API Name:  Sleep   Address:  0x0041f00b
  1208.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1209.     328      
  1210. File   
  1211. Open
  1212.    
  1213. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
  1214.     328     128
  1215. Process
  1216. Opened
  1217.    
  1218.  
  1219. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1220.    
  1221. 4
  1222. 328
  1223.          
  1224. Process
  1225. Opened
  1226.    
  1227.  
  1228. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1229.    
  1230. 264
  1231. 328
  1232.          
  1233. Process
  1234. Opened
  1235.    
  1236.  
  1237. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1238.    
  1239. 348
  1240. 328
  1241.          
  1242. Process
  1243. Opened
  1244.    
  1245.  
  1246. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1247.    
  1248. 376
  1249. 328
  1250.          
  1251. Process
  1252. Opened
  1253.    
  1254.  
  1255. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1256.    
  1257. 396
  1258. 328
  1259.          
  1260. Process
  1261. Opened
  1262.    
  1263.  
  1264. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1265.    
  1266. 432
  1267. 328
  1268.          
  1269. Process
  1270. Opened
  1271.    
  1272.  
  1273. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1274.    
  1275. 476
  1276. 328
  1277.          
  1278. Process
  1279. Opened
  1280.    
  1281.  
  1282. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1283.    
  1284. 492
  1285. 328
  1286.          
  1287. Process
  1288. Opened
  1289.    
  1290.  
  1291. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1292.    
  1293. 500
  1294. 328
  1295.          
  1296. Process
  1297. Opened
  1298.    
  1299.  
  1300. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1301.    
  1302. 612
  1303. 328
  1304.          
  1305. Process
  1306. Opened
  1307.    
  1308.  
  1309. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1310.    
  1311. 684
  1312. 328
  1313.          
  1314. Process
  1315. Opened
  1316.    
  1317.  
  1318. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1319.    
  1320. 756
  1321. 328
  1322.          
  1323. Process
  1324. Opened
  1325.    
  1326.  
  1327. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1328.    
  1329. 828
  1330. 328
  1331.          
  1332. Process
  1333. Opened
  1334.    
  1335.  
  1336. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1337.    
  1338. 868
  1339. 328
  1340.          
  1341. Process
  1342. Opened
  1343.    
  1344.  
  1345. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1346.    
  1347. 904
  1348. 328
  1349.          
  1350. Process
  1351. Opened
  1352.    
  1353.  
  1354. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1355.    
  1356. 968
  1357. 328
  1358.          
  1359. Process
  1360. Opened
  1361.    
  1362.  
  1363. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1364.    
  1365. 1064
  1366. 328
  1367.          
  1368. Process
  1369. Opened
  1370.    
  1371.  
  1372. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1373.    
  1374. 1164
  1375. 328
  1376.          
  1377. Process
  1378. Opened
  1379.    
  1380.  
  1381. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1382.    
  1383. 1244
  1384. 328
  1385.          
  1386. Process
  1387. Opened
  1388.    
  1389.  
  1390. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1391.    
  1392. 1340
  1393. 328
  1394.          
  1395. Process
  1396. Opened
  1397.    
  1398.  
  1399. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1400.    
  1401. 1092
  1402. 328
  1403.          
  1404. Process
  1405. Opened
  1406.    
  1407.  
  1408. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1409.    
  1410. 940
  1411. 328
  1412.          
  1413. Process
  1414. Opened
  1415.    
  1416.  
  1417. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1418.    
  1419. 1976
  1420. 328
  1421.          
  1422. Process
  1423. Opened
  1424.    
  1425.  
  1426. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1427.    
  1428. 384
  1429. 328
  1430.          
  1431. Process
  1432. Opened
  1433.    
  1434.  
  1435. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1436.    
  1437. 1460
  1438. 328
  1439.          
  1440. Process
  1441. Opened
  1442.    
  1443.  
  1444. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1445.    
  1446. 1312
  1447. 328
  1448.          
  1449. Process
  1450. Opened
  1451.    
  1452.  
  1453. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1454.    
  1455. 1324
  1456. 328
  1457.          
  1458. Process
  1459. Opened
  1460.    
  1461.  
  1462. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1463.    
  1464. 1852
  1465. 328
  1466.          
  1467. Process
  1468. Opened
  1469.    
  1470.  
  1471. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1472.    
  1473. 2056
  1474. 328
  1475.          
  1476. Process
  1477. Opened
  1478.    
  1479.  
  1480. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1481.    
  1482. 2220
  1483. 328
  1484.          
  1485. Process
  1486. Opened
  1487.    
  1488.  
  1489. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1490.    
  1491. 2456
  1492. 328
  1493.          
  1494. Process
  1495. Opened
  1496.    
  1497.  
  1498. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1499.    
  1500. 2336
  1501. 328
  1502.          
  1503. Process
  1504. Opened
  1505.    
  1506.  
  1507. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1508.    
  1509. 2168
  1510. 328
  1511.          
  1512. API Call   
  1513.    
  1514.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220e20
  1515.  Params:  [NULL, \\?\Volume{a4dcb965-c2b8-11e2-8b83-806e6f6e6963}\]
  1516.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1517.     328      
  1518. API Call   
  1519.    
  1520.  API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x76220e20
  1521.  Params:  [NULL, \\?\Volume{a4dcb962-c2b8-11e2-8b83-806e6f6e6963}\]
  1522.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  1523.     328      
  1524. File   
  1525. Failed
  1526.    
  1527. C:\Users\Administrator\AppData\Roaming\IPHLPAPI.DLL
  1528.     328      
  1529. File   
  1530. Failed
  1531.    
  1532. C:\Users\Administrator\AppData\Roaming\WINNSI.DLL
  1533.     328      
  1534. File   
  1535. Failed
  1536.    
  1537. C:\Users\Administrator\AppData\Roaming\API-MS-WIN-DOWNLEVEL-SHLWAPI-L2-1-0.DLL
  1538.     328      
  1539. Process
  1540. Opened
  1541.    
  1542.  
  1543. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1544.    
  1545. 4
  1546. 328
  1547.          
  1548. Process
  1549. Opened
  1550.    
  1551.  
  1552. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1553.    
  1554. 264
  1555. 328
  1556.          
  1557. Process
  1558. Opened
  1559.    
  1560.  
  1561. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1562.    
  1563. 348
  1564. 328
  1565.          
  1566. Process
  1567. Opened
  1568.    
  1569.  
  1570. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1571.    
  1572. 376
  1573. 328
  1574.          
  1575. Process
  1576. Opened
  1577.    
  1578.  
  1579. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1580.    
  1581. 396
  1582. 328
  1583.          
  1584. Process
  1585. Opened
  1586.    
  1587.  
  1588. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1589.    
  1590. 432
  1591. 328
  1592.          
  1593. Process
  1594. Opened
  1595.    
  1596.  
  1597. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1598.    
  1599. 476
  1600. 328
  1601.          
  1602. Process
  1603. Opened
  1604.    
  1605.  
  1606. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1607.    
  1608. 492
  1609. 328
  1610.          
  1611. Process
  1612. Opened
  1613.    
  1614.  
  1615. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1616.    
  1617. 500
  1618. 328
  1619.          
  1620. Process
  1621. Opened
  1622.    
  1623.  
  1624. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1625.    
  1626. 612
  1627. 328
  1628.          
  1629. Process
  1630. Opened
  1631.    
  1632.  
  1633. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1634.    
  1635. 684
  1636. 328
  1637.          
  1638. Process
  1639. Opened
  1640.    
  1641.  
  1642. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1643.    
  1644. 756
  1645. 328
  1646.          
  1647. Process
  1648. Opened
  1649.    
  1650.  
  1651. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1652.    
  1653. 828
  1654. 328
  1655.          
  1656. Process
  1657. Opened
  1658.    
  1659.  
  1660. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1661.    
  1662. 868
  1663. 328
  1664.          
  1665. Process
  1666. Opened
  1667.    
  1668.  
  1669. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1670.    
  1671. 904
  1672. 328
  1673.          
  1674. Process
  1675. Opened
  1676.    
  1677.  
  1678. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1679.    
  1680. 968
  1681. 328
  1682.          
  1683. Process
  1684. Opened
  1685.    
  1686.  
  1687. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1688.    
  1689. 1064
  1690. 328
  1691.          
  1692. Process
  1693. Opened
  1694.    
  1695.  
  1696. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1697.    
  1698. 1164
  1699. 328
  1700.          
  1701. Process
  1702. Opened
  1703.    
  1704.  
  1705. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1706.    
  1707. 1244
  1708. 328
  1709.          
  1710. Process
  1711. Opened
  1712.    
  1713.  
  1714. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1715.    
  1716. 1340
  1717. 328
  1718.          
  1719. Process
  1720. Opened
  1721.    
  1722.  
  1723. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1724.    
  1725. 1092
  1726. 328
  1727.          
  1728. Process
  1729. Opened
  1730.    
  1731.  
  1732. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1733.    
  1734. 940
  1735. 328
  1736.          
  1737. Process
  1738. Opened
  1739.    
  1740.  
  1741. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1742.    
  1743. 1976
  1744. 328
  1745.          
  1746. Process
  1747. Opened
  1748.    
  1749.  
  1750. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1751.    
  1752. 384
  1753. 328
  1754.          
  1755. Process
  1756. Opened
  1757.    
  1758.  
  1759. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1760.    
  1761. 1460
  1762. 328
  1763.          
  1764. Process
  1765. Opened
  1766.    
  1767.  
  1768. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1769.    
  1770. 1312
  1771. 328
  1772.          
  1773. Process
  1774. Opened
  1775.    
  1776.  
  1777. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1778.    
  1779. 1324
  1780. 328
  1781.          
  1782. Process
  1783. Opened
  1784.    
  1785.  
  1786. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1787.    
  1788. 1852
  1789. 328
  1790.          
  1791. Process
  1792. Opened
  1793.    
  1794.  
  1795. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1796.    
  1797. 2056
  1798. 328
  1799.          
  1800. Process
  1801. Opened
  1802.    
  1803.  
  1804. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1805.    
  1806. 2220
  1807. 328
  1808.          
  1809. Process
  1810. Opened
  1811.    
  1812.  
  1813. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1814.    
  1815. 2456
  1816. 328
  1817.          
  1818. Process
  1819. Opened
  1820.    
  1821.  
  1822. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1823.    
  1824. 2336
  1825. 328
  1826.          
  1827. Process
  1828. Opened
  1829.    
  1830.  
  1831. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1832.    
  1833. 2168
  1834. 328
  1835.          
  1836. Regkey 
  1837. Setval
  1838.    
  1839. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyEnable" = 0x00000000
  1841.     328      
  1842. Regkey 
  1843. Setval
  1844.    
  1845. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyServer" = 10.0.0.2:8080
  1847.     328      
  1848. Regkey 
  1849. Deleteval
  1850.    
  1851. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyOverride"
  1853.     328      
  1854. Regkey 
  1855. Deleteval
  1856.    
  1857. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"AutoConfigURL"
  1859.     328      
  1860. Regkey 
  1861. Deleteval
  1862.    
  1863. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"AutoDetect"
  1865.     328      
  1866. Regkey 
  1867. Setval
  1868.    
  1869. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"SavedLegacySettings" = 46 00 00 00 21 00 00 00 09 00 00 00 0d 0
  1871.   0 00 00 31 30 2e 30 2e 30 2e 32 3a 38 30 38 30 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00
  1872.    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 0a 00 00 42 00
  1873.   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
  1874.   0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1875.    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1876.   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1877.     328      
  1878. File   
  1879. Failed
  1880.    
  1881. C:\Users\Administrator\AppData\Roaming\DNSAPI.DLL
  1882.     328      
  1883. File   
  1884. Find
  1885.    
  1886. C:\*
  1887.     328      
  1888. File   
  1889. Find
  1890.    
  1891. C:\$Recycle.Bin\*
  1892.     328      
  1893. File   
  1894. Created
  1895.    
  1896. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.txt
  1897.     328      
  1898. File   
  1899. Close
  1900.    
  1901. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.txt
  1902.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  1903.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  1904.     328     2639
  1905. Regkey 
  1906. Setval
  1907.    
  1908. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\"CachePrefix" =
  1910.     328      
  1911. File   
  1912. Failed
  1913.    
  1914. C:\Users\Administrator
  1915.     328      
  1916. File   
  1917. Failed
  1918.    
  1919. C:\Users\Administrator\AppData\Local
  1920.     328      
  1921. File   
  1922. Failed
  1923.    
  1924. C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files
  1925.     328      
  1926. Regkey 
  1927. Setval
  1928.    
  1929. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\"CachePrefix" = Cookie:
  1931.     328      
  1932. File   
  1933. Failed
  1934.    
  1935. C:\Users\Administrator\AppData\Roaming
  1936.     328      
  1937. File   
  1938. Failed
  1939.    
  1940. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
  1941.     328      
  1942. Regkey 
  1943. Setval
  1944.    
  1945. \REGISTRY\USER\S-1-5-21-2529703413-2662079939-3113469119-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\"CachePrefix" = Visited:
  1947.     328      
  1948. File   
  1949. Failed
  1950.    
  1951. C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
  1952.     328      
  1953. File   
  1954. Created
  1955.    
  1956. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.html
  1957.     328      
  1958. File   
  1959. Close
  1960.    
  1961. C:\$Recycle.Bin\S-1-5-21-2529703413-2662079939-3113469119-500\how_recover+sia.html
  1962.   MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  1963.   SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  1964.     328     9372
  1965. File   
  1966. Created
  1967.    
  1968. C:\$Recycle.Bin\how_recover+sia.txt
  1969.     328      
  1970. File   
  1971. Close
  1972.    
  1973. C:\$Recycle.Bin\how_recover+sia.txt
  1974.   MD5:  dfd795e9766d0000c6b098809bd6eb64
  1975.   SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  1976.     328     2639
  1977. Regkey 
  1978. Queryvalue
  1979.    
  1980. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  1981.     2336         
  1982. File   
  1983. Created
  1984.    
  1985. C:\$Recycle.Bin\how_recover+sia.html
  1986.     328      
  1987. File   
  1988. Close
  1989.    
  1990. C:\$Recycle.Bin\how_recover+sia.html
  1991.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  1992.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  1993.     328     9372
  1994. Process
  1995. Opened
  1996.    
  1997.  
  1998. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  1999.    
  2000. 4
  2001. 328
  2002.          
  2003. Process
  2004. Opened
  2005.    
  2006.  
  2007. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2008.    
  2009. 264
  2010. 328
  2011.          
  2012. Process
  2013. Opened
  2014.    
  2015.  
  2016. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2017.    
  2018. 348
  2019. 328
  2020.          
  2021. Process
  2022. Opened
  2023.    
  2024.  
  2025. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2026.    
  2027. 376
  2028. 328
  2029.          
  2030. Process
  2031. Opened
  2032.    
  2033.  
  2034. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2035.    
  2036. 396
  2037. 328
  2038.          
  2039. Process
  2040. Opened
  2041.    
  2042.  
  2043. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2044.    
  2045. 432
  2046. 328
  2047.          
  2048. Process
  2049. Opened
  2050.    
  2051.  
  2052. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2053.    
  2054. 476
  2055. 328
  2056.          
  2057. Process
  2058. Opened
  2059.    
  2060.  
  2061. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2062.    
  2063. 492
  2064. 328
  2065.          
  2066. Process
  2067. Opened
  2068.    
  2069.  
  2070. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2071.    
  2072. 500
  2073. 328
  2074.          
  2075. Process
  2076. Opened
  2077.    
  2078.  
  2079. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2080.    
  2081. 612
  2082. 328
  2083.          
  2084. Process
  2085. Opened
  2086.    
  2087.  
  2088. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2089.    
  2090. 684
  2091. 328
  2092.          
  2093. Process
  2094. Opened
  2095.    
  2096.  
  2097. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2098.    
  2099. 756
  2100. 328
  2101.          
  2102. Process
  2103. Opened
  2104.    
  2105.  
  2106. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2107.    
  2108. 828
  2109. 328
  2110.          
  2111. Process
  2112. Opened
  2113.    
  2114.  
  2115. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2116.    
  2117. 868
  2118. 328
  2119.          
  2120. Process
  2121. Opened
  2122.    
  2123.  
  2124. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2125.    
  2126. 904
  2127. 328
  2128.          
  2129. Process
  2130. Opened
  2131.    
  2132.  
  2133. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2134.    
  2135. 968
  2136. 328
  2137.          
  2138. Process
  2139. Opened
  2140.    
  2141.  
  2142. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2143.    
  2144. 1064
  2145. 328
  2146.          
  2147. Process
  2148. Opened
  2149.    
  2150.  
  2151. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2152.    
  2153. 1164
  2154. 328
  2155.          
  2156. Process
  2157. Opened
  2158.    
  2159.  
  2160. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2161.    
  2162. 1244
  2163. 328
  2164.          
  2165. Process
  2166. Opened
  2167.    
  2168.  
  2169. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2170.    
  2171. 1340
  2172. 328
  2173.          
  2174. Process
  2175. Opened
  2176.    
  2177.  
  2178. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2179.    
  2180. 1092
  2181. 328
  2182.          
  2183. Process
  2184. Opened
  2185.    
  2186.  
  2187. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2188.    
  2189. 940
  2190. 328
  2191.          
  2192. Process
  2193. Opened
  2194.    
  2195.  
  2196. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2197.    
  2198. 1976
  2199. 328
  2200.          
  2201. Process
  2202. Opened
  2203.    
  2204.  
  2205. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2206.    
  2207. 384
  2208. 328
  2209.          
  2210. Process
  2211. Opened
  2212.    
  2213.  
  2214. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2215.    
  2216. 1460
  2217. 328
  2218.          
  2219. Process
  2220. Opened
  2221.    
  2222.  
  2223. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2224.    
  2225. 1312
  2226. 328
  2227.          
  2228. Process
  2229. Opened
  2230.    
  2231.  
  2232. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2233.    
  2234. 1324
  2235. 328
  2236.          
  2237. Process
  2238. Opened
  2239.    
  2240.  
  2241. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2242.    
  2243. 1852
  2244. 328
  2245.          
  2246. Process
  2247. Opened
  2248.    
  2249.  
  2250. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2251.    
  2252. 2056
  2253. 328
  2254.          
  2255. Process
  2256. Opened
  2257.    
  2258.  
  2259. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2260.    
  2261. 2220
  2262. 328
  2263.          
  2264. Process
  2265. Opened
  2266.    
  2267.  
  2268. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2269.    
  2270. 2456
  2271. 328
  2272.          
  2273. Process
  2274. Opened
  2275.    
  2276.  
  2277. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2278.    
  2279. 2336
  2280. 328
  2281.          
  2282. Process
  2283. Opened
  2284.    
  2285.  
  2286. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2287.    
  2288. 2168
  2289. 328
  2290.          
  2291. File   
  2292. Failed
  2293.    
  2294. C:\Users\Administrator\AppData\Roaming\DHCPCSVC6.DLL
  2295.     328      
  2296. File   
  2297. Failed
  2298.    
  2299. C:\Users\Administrator\AppData\Roaming\RPCRTREMOTE.DLL
  2300.     328      
  2301. Process
  2302. Opened
  2303.    
  2304.  
  2305. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2306.    
  2307. 4
  2308. 328
  2309.          
  2310. Process
  2311. Opened
  2312.    
  2313.  
  2314. Target:   C:\Windows\System32\smss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2315.    
  2316. 264
  2317. 328
  2318.          
  2319. Process
  2320. Opened
  2321.    
  2322.  
  2323. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2324.    
  2325. 348
  2326. 328
  2327.          
  2328. Process
  2329. Opened
  2330.    
  2331.  
  2332. Target:   C:\Windows\System32\wininit.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2333.    
  2334. 376
  2335. 328
  2336.          
  2337. Process
  2338. Opened
  2339.    
  2340.  
  2341. Target:   C:\Windows\System32\csrss.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2342.    
  2343. 396
  2344. 328
  2345.          
  2346. Process
  2347. Opened
  2348.    
  2349.  
  2350. Target:   C:\Windows\System32\winlogon.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2351.    
  2352. 432
  2353. 328
  2354.          
  2355. Process
  2356. Opened
  2357.    
  2358.  
  2359. Target:   C:\Windows\System32\services.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2360.    
  2361. 476
  2362. 328
  2363.          
  2364. Process
  2365. Opened
  2366.    
  2367.  
  2368. Target:   C:\Windows\System32\lsass.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2369.    
  2370. 492
  2371. 328
  2372.          
  2373. Process
  2374. Opened
  2375.    
  2376.  
  2377. Target:   C:\Windows\System32\lsm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2378.    
  2379. 500
  2380. 328
  2381.          
  2382. Process
  2383. Opened
  2384.    
  2385.  
  2386. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2387.    
  2388. 612
  2389. 328
  2390.          
  2391. Process
  2392. Opened
  2393.    
  2394.  
  2395. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2396.    
  2397. 684
  2398. 328
  2399.          
  2400. Process
  2401. Opened
  2402.    
  2403.  
  2404. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2405.    
  2406. 756
  2407. 328
  2408.          
  2409. Process
  2410. Opened
  2411.    
  2412.  
  2413. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2414.    
  2415. 828
  2416. 328
  2417.          
  2418. Process
  2419. Opened
  2420.    
  2421.  
  2422. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2423.    
  2424. 868
  2425. 328
  2426.          
  2427. Process
  2428. Opened
  2429.    
  2430.  
  2431. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2432.    
  2433. 904
  2434. 328
  2435.          
  2436. Process
  2437. Opened
  2438.    
  2439.  
  2440. Target:   C:\Windows\System32\spoolsv.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2441.    
  2442. 968
  2443. 328
  2444.          
  2445. Process
  2446. Opened
  2447.    
  2448.  
  2449. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2450.    
  2451. 1064
  2452. 328
  2453.          
  2454. Process
  2455. Opened
  2456.    
  2457.  
  2458. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2459.    
  2460. 1164
  2461. 328
  2462.          
  2463. Process
  2464. Opened
  2465.    
  2466.  
  2467. Target:   C:\Windows\System32\dwm.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2468.    
  2469. 1244
  2470. 328
  2471.          
  2472. Process
  2473. Opened
  2474.    
  2475.  
  2476. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2477.    
  2478. 1340
  2479. 328
  2480.          
  2481. Process
  2482. Opened
  2483.    
  2484.  
  2485. Target:   C:\Windows\explorer.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2486.    
  2487. 1092
  2488. 328
  2489.          
  2490. Process
  2491. Opened
  2492.    
  2493.  
  2494. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2495.    
  2496. 940
  2497. 328
  2498.          
  2499. Process
  2500. Opened
  2501.    
  2502.  
  2503. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2504.    
  2505. 1976
  2506. 328
  2507.          
  2508. Process
  2509. Opened
  2510.    
  2511.  
  2512. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2513.    
  2514. 384
  2515. 328
  2516.          
  2517. Process
  2518. Opened
  2519.    
  2520.  
  2521. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2522.    
  2523. 1460
  2524. 328
  2525.          
  2526. Process
  2527. Opened
  2528.    
  2529.  
  2530. Target:   C:\Program Files (x86)\Internet Explorer\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2531.    
  2532. 1312
  2533. 328
  2534.          
  2535. Process
  2536. Opened
  2537.    
  2538.  
  2539. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2540.    
  2541. 1324
  2542. 328
  2543.          
  2544. Process
  2545. Opened
  2546.    
  2547.  
  2548. Target:   C:\Program Files (x86)\Internet Explorer9\iexplore.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2549.    
  2550. 1852
  2551. 328
  2552.          
  2553. Process
  2554. Opened
  2555.    
  2556.  
  2557. Target:   C:\Windows\System32\wbem\WmiPrvSE.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2558.    
  2559. 2056
  2560. 328
  2561.          
  2562. Process
  2563. Opened
  2564.    
  2565.  
  2566. Target:   C:\Windows\System32\taskhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2567.    
  2568. 2220
  2569. 328
  2570.          
  2571. Process
  2572. Opened
  2573.    
  2574.  
  2575. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2576.    
  2577. 2456
  2578. 328
  2579.          
  2580. Process
  2581. Opened
  2582.    
  2583.  
  2584. Target:   C:\Windows\System32\vssadmin.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2585.    
  2586. 2336
  2587. 328
  2588.          
  2589. Process
  2590. Opened
  2591.    
  2592.  
  2593. Target:   C:\Windows\System32\conhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2594.    
  2595. 2168
  2596. 328
  2597.          
  2598. File   
  2599. Failed
  2600.    
  2601. C:\Users\Administrator\AppData\Roaming\DHCPCSVC.DLL
  2602.     328      
  2603. Process
  2604. Opened
  2605.    
  2606.  
  2607. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2608.    
  2609. 4
  2610. 328
  2611.          
  2612. Process
  2613. Opened
  2614.    
  2615.  
  2616. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2617.    
  2618. 384
  2619. 328
  2620.          
  2621. Process
  2622. Opened
  2623.    
  2624.  
  2625. Target:   N\AB    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2626.    
  2627. 2864
  2628. 328
  2629.          
  2630. Ransom 
  2631.    
  2632. C:\049IoqKhtkpT2\naEhPKZY.xls
  2633. MD5:  e20105be75fb0fac4e89425c38dfc2a8
  2634.              
  2635. Malicious  Alert   
  2636. Ransomware
  2637.    
  2638. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  2639.              
  2640. Malicious  Alert   
  2641. Misc  Anom
  2642.    
  2643. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  2644.              
  2645. File   
  2646. Failed
  2647.    
  2648. C:\Users\Administrator\AppData\Roaming\RASADHLP.DLL
  2649.     328      
  2650. Process
  2651. Opened
  2652.    
  2653.  
  2654. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2655.    
  2656. 4
  2657. 328
  2658.          
  2659. Process
  2660. Opened
  2661.    
  2662.  
  2663. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2664.    
  2665. 384
  2666. 328
  2667.          
  2668. Process
  2669. Opened
  2670.    
  2671.  
  2672. Target:   C:\Windows\System32\VSSVC.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2673.    
  2674. 2864
  2675. 328
  2676.          
  2677. Network
  2678. Dns  Query
  2679.    
  2680.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  myexternalip.com
  2681.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2682.     328      
  2683. Malicious  Alert   
  2684. Network  Activity
  2685.    
  2686. Message:   Network outbound communication attempted    Detail:   Process attempting connections via dns_query  
  2687.              
  2688. Malicious  Alert   
  2689. Misc  Anom
  2690.    
  2691. Message:   Persistance with Self Delete Activity    Detail:   Persistance with Self Delete Activity  
  2692.              
  2693. Network
  2694. Dns  Query  Answer
  2695.    
  2696.  Protocol  Type:  udp   IP Address:  199.16.199.2   Hostname:  myexternalip.com
  2697.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2698.     328      
  2699. API Call   
  2700.    
  2701.  API Name:  GetSystemDirectoryA   Address:  0x76049c36
  2702.  Params:  [0x2f6c7d0, 260]
  2703.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  2704.     328      
  2705. API Call   
  2706.    
  2707.  API Name:  Sleep   Address:  0x0041f00b
  2708.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  2709.     328      
  2710. Process
  2711. Opened
  2712.    
  2713.  
  2714. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2715.    
  2716. 4
  2717. 328
  2718.          
  2719. Process
  2720. Opened
  2721.    
  2722.  
  2723. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2724.    
  2725. 384
  2726. 328
  2727.          
  2728. Process
  2729. Opened
  2730.    
  2731.  
  2732. Target:   C:\Windows\System32\VSSVC.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2733.    
  2734. 2864
  2735. 328
  2736.          
  2737. Ransom 
  2738.    
  2739. C:\049IoqKhtkpT2\ogasoVZrY.jpg
  2740. MD5:  c58548677bcc532e32b8f700d45b43ab
  2741.              
  2742. Process
  2743. Opened
  2744.    
  2745.  
  2746. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2747.    
  2748. 4
  2749. 328
  2750.          
  2751. Process
  2752. Opened
  2753.    
  2754.  
  2755. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2756.    
  2757. 384
  2758. 328
  2759.          
  2760. Process
  2761. Opened
  2762.    
  2763.  
  2764. Target:   C:\Windows\System32\VSSVC.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2765.    
  2766. 2864
  2767. 328
  2768.          
  2769. Process
  2770. Opened
  2771.    
  2772.  
  2773. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2774.    
  2775. 4
  2776. 328
  2777.          
  2778. Process
  2779. Opened
  2780.    
  2781.  
  2782. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2783.    
  2784. 384
  2785. 328
  2786.          
  2787. 3 Repeated items skipped
  2788. Process
  2789. Opened
  2790.    
  2791.  
  2792. Target:   C:\Windows\System32\dllhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2793.    
  2794. 2960
  2795. 328
  2796.          
  2797. Process
  2798. Opened
  2799.    
  2800.  
  2801. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2802.    
  2803. 4
  2804. 328
  2805.          
  2806. Process
  2807. Opened
  2808.    
  2809.  
  2810. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2811.    
  2812. 384
  2813. 328
  2814.          
  2815. Process
  2816. Opened
  2817.    
  2818.  
  2819. Target:   C:\Windows\System32\dllhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2820.    
  2821. 2960
  2822. 328
  2823.          
  2824. Process
  2825. Opened
  2826.    
  2827.  
  2828. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2829.    
  2830. 4
  2831. 328
  2832.          
  2833. Process
  2834. Opened
  2835.    
  2836.  
  2837. Target:   N/A    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2838.    
  2839. 384
  2840. 328
  2841.          
  2842. Process
  2843. Opened
  2844.    
  2845.  
  2846. Target:   C:\Windows\System32\dllhost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2847.    
  2848. 2960
  2849. 328
  2850.          
  2851. 2 Repeated items skipped
  2852. Process
  2853. Opened
  2854.    
  2855.  
  2856. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2857.    
  2858. 2416
  2859. 328
  2860.          
  2861. 2 Repeated items skipped
  2862. Ransom 
  2863.    
  2864. C:\049IoqKhtkpT2\RsaneooSm.ppt
  2865. MD5:  84bf5c5ade2397b22f49adc6c6e02f0a
  2866.              
  2867. Process
  2868. Opened
  2869.    
  2870.  
  2871. Target:   C:\Windows\System32\svchost.exe    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  2872.    
  2873. 2416
  2874. 328
  2875.          
  2876. 2 Repeated items skipped
  2877. Ransom 
  2878.    
  2879. C:\049IoqKhtkpT2\yWdIhcc-.doc
  2880. MD5:  c3e6ea4347c76bdbb178869798a2bc0b
  2881.              
  2882. File   
  2883. Created
  2884.    
  2885. C:\049IoqKhtkpT2\how_recover+sia.txt
  2886.     328      
  2887. Network
  2888. Http  Request
  2889.    
  2890.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.2
  2891.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2892.     328      
  2893. API Call   
  2894.    
  2895.  API Name:  Sleep   Address:  0x7760d98d
  2896.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  2897.     328      
  2898. File   
  2899. Close
  2900.    
  2901. C:\049IoqKhtkpT2\how_recover+sia.txt
  2902.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  2903.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  2904.     328     2639
  2905. File   
  2906. Created
  2907.    
  2908. C:\049IoqKhtkpT2\how_recover+sia.html
  2909.     328      
  2910. File   
  2911. Close
  2912.    
  2913. C:\049IoqKhtkpT2\how_recover+sia.html
  2914.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  2915.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  2916.     328     9372
  2917. Ransom 
  2918.    
  2919. C:\a8bC-VnssffT1\JgieYN.txt
  2920. MD5:  75d738faabeaef4927f3d8f9e16a5ee0
  2921.              
  2922. Network
  2923. Dns  Query
  2924.    
  2925.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  regiefernando.me
  2926.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2927.     328      
  2928. Network
  2929. Dns  Query  Answer
  2930.    
  2931.  Protocol  Type:  udp   IP Address:  199.16.199.3   Hostname:  regiefernando.me
  2932.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2933.     328      
  2934. Network
  2935. Http  Request
  2936.    
  2937.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.3
  2938.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2939.     328      
  2940. Network
  2941. Dns  Query
  2942.    
  2943.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  schriebershof.de
  2944.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2945.     328      
  2946. Network
  2947. Dns  Query  Answer
  2948.    
  2949.  Protocol  Type:  udp   IP Address:  199.16.199.4   Hostname:  schriebershof.de
  2950.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2951.     328      
  2952. Network
  2953. Http  Request
  2954.    
  2955.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.4
  2956.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2957.     328      
  2958. Network
  2959. Dns  Query
  2960.    
  2961.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  apotheke-stiepel.com
  2962.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2963.     328      
  2964. Network
  2965. Dns  Query  Answer
  2966.    
  2967.  Protocol  Type:  udp   IP Address:  199.16.199.5   Hostname:  apotheke-stiepel.com
  2968.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2969.     328      
  2970. Network
  2971. Http  Request
  2972.    
  2973.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.5
  2974.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2975.     328      
  2976. Network
  2977. Dns  Query
  2978.    
  2979.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  woodenden.com
  2980.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2981.     328      
  2982. Network
  2983. Dns  Query  Answer
  2984.    
  2985.  Protocol  Type:  udp   IP Address:  199.16.199.6   Hostname:  woodenden.com
  2986.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2987.     328      
  2988. Network
  2989. Http  Request
  2990.    
  2991.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.6
  2992.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2993.     328      
  2994. Network
  2995. Dns  Query
  2996.    
  2997.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  leboudoirdesbrunettes.com
  2998.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  2999.     328      
  3000. Network
  3001. Dns  Query  Answer
  3002.    
  3003.  Protocol  Type:  udp   IP Address:  199.16.199.7   Hostname:  leboudoirdesbrunettes.com
  3004.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3005.     328      
  3006. Network
  3007. Http  Request
  3008.    
  3009.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.7
  3010.  Imagepath:  c:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3011.     328      
  3012. Ransom 
  3013.    
  3014. C:\a8bC-VnssffT1\jRdTsHXUA_.png
  3015. MD5:  fec63e7863dc861bddcbf0be680894ab
  3016.              
  3017. Ransom 
  3018.    
  3019. C:\a8bC-VnssffT1\ltzad_g.xls
  3020. MD5:  fcf159d74ff134a5bb706ea757c890b8
  3021.              
  3022. API Call   
  3023.    
  3024.  API Name:  Sleep   Address:  0x0041f00b
  3025.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3026.     328      
  3027. Ransom 
  3028.    
  3029. C:\a8bC-VnssffT1\oFQKz.ppt
  3030. MD5:  c9ea11a479df9f7ebc9488c06fc1200d
  3031.              
  3032. Ransom 
  3033.    
  3034. C:\a8bC-VnssffT1\TBchtna.doc
  3035. MD5:  a413fd453b82bf4d2dfe28453bee4293
  3036.              
  3037. API Call   
  3038.    
  3039.  API Name:  Sleep   Address:  0x0041f00b
  3040.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3041.     328      
  3042. Ransom 
  3043.    
  3044. C:\a8bC-VnssffT1\VvnKloLwd.jpg
  3045. MD5:  9404a1ecb3871feb3945b6dd3bd564b8
  3046.              
  3047. Uac
  3048. Service
  3049.    
  3050. Volume Shadow Copy
  3051.              
  3052. Uac
  3053. Service
  3054.    
  3055. Microsoft Software Shadow Copy Provider
  3056.              
  3057. File   
  3058. Created
  3059.    
  3060. C:\a8bC-VnssffT1\how_recover+sia.txt
  3061.     328      
  3062. File   
  3063. Close
  3064.    
  3065. C:\a8bC-VnssffT1\how_recover+sia.txt
  3066.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3067.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3068.     328     2639
  3069. File   
  3070. Created
  3071.    
  3072. C:\a8bC-VnssffT1\how_recover+sia.html
  3073.     328      
  3074. File   
  3075. Close
  3076.    
  3077. C:\a8bC-VnssffT1\how_recover+sia.html
  3078.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3079.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3080.     328     9372
  3081. File   
  3082. Find
  3083.    
  3084. C:\Boot\*
  3085.     328      
  3086. File   
  3087. Find
  3088.    
  3089. C:\Boot\cs-CZ\*
  3090.     328      
  3091. File   
  3092. Created
  3093.    
  3094. C:\Boot\cs-CZ\how_recover+sia.txt
  3095.     328      
  3096. File   
  3097. Close
  3098.    
  3099. C:\Boot\cs-CZ\how_recover+sia.txt
  3100.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3101.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3102.     328     2639
  3103. File   
  3104. Created
  3105.    
  3106. C:\Boot\cs-CZ\how_recover+sia.html
  3107.     328      
  3108. File   
  3109. Close
  3110.    
  3111. C:\Boot\cs-CZ\how_recover+sia.html
  3112.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3113.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3114.     328     9372
  3115. File   
  3116. Find
  3117.    
  3118. C:\Boot\da-DK\*
  3119.     328      
  3120. File   
  3121. Created
  3122.    
  3123. C:\Boot\da-DK\how_recover+sia.txt
  3124.     328      
  3125. File   
  3126. Close
  3127.    
  3128. C:\Boot\da-DK\how_recover+sia.txt
  3129.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3130.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3131.     328     2639
  3132. File   
  3133. Created
  3134.    
  3135. C:\Boot\da-DK\how_recover+sia.html
  3136.     328      
  3137. File   
  3138. Close
  3139.    
  3140. C:\Boot\da-DK\how_recover+sia.html
  3141.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3142.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3143.     328     9372
  3144. File   
  3145. Created
  3146.    
  3147. C:\Boot\de-DE\how_recover+sia.txt
  3148.     328      
  3149. File   
  3150. Close
  3151.    
  3152. C:\Boot\de-DE\how_recover+sia.txt
  3153.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3154.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3155.     328     2639
  3156. File   
  3157. Created
  3158.    
  3159. C:\Boot\de-DE\how_recover+sia.html
  3160.     328      
  3161. File   
  3162. Close
  3163.    
  3164. C:\Boot\de-DE\how_recover+sia.html
  3165.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3166.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3167.     328     9372
  3168. File   
  3169. Created
  3170.    
  3171. C:\Boot\el-GR\how_recover+sia.txt
  3172.     328      
  3173. File   
  3174. Close
  3175.    
  3176. C:\Boot\el-GR\how_recover+sia.txt
  3177.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3178.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3179.     328     2639
  3180. File   
  3181. Created
  3182.    
  3183. C:\Boot\el-GR\how_recover+sia.html
  3184.     328      
  3185. File   
  3186. Close
  3187.    
  3188. C:\Boot\el-GR\how_recover+sia.html
  3189.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3190.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3191.     328     9372
  3192. File   
  3193. Created
  3194.    
  3195. C:\Boot\en-US\how_recover+sia.txt
  3196.     328      
  3197. File   
  3198. Close
  3199.    
  3200. C:\Boot\en-US\how_recover+sia.txt
  3201.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3202.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3203.     328     2639
  3204. File   
  3205. Created
  3206.    
  3207. C:\Boot\en-US\how_recover+sia.html
  3208.     328      
  3209. File   
  3210. Close
  3211.    
  3212. C:\Boot\en-US\how_recover+sia.html
  3213.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3214.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3215.     328     9372
  3216. File   
  3217. Created
  3218.    
  3219. C:\Boot\es-ES\how_recover+sia.txt
  3220.     328      
  3221. File   
  3222. Close
  3223.    
  3224. C:\Boot\es-ES\how_recover+sia.txt
  3225.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3226.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3227.     328     2639
  3228. File   
  3229. Created
  3230.    
  3231. C:\Boot\es-ES\how_recover+sia.html
  3232.     328      
  3233. File   
  3234. Close
  3235.    
  3236. C:\Boot\es-ES\how_recover+sia.html
  3237.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3238.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3239.     328     9372
  3240. File   
  3241. Created
  3242.    
  3243. C:\Boot\fi-FI\how_recover+sia.txt
  3244.     328      
  3245. File   
  3246. Close
  3247.    
  3248. C:\Boot\fi-FI\how_recover+sia.txt
  3249.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3250.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3251.     328     2639
  3252. File   
  3253. Created
  3254.    
  3255. C:\Boot\fi-FI\how_recover+sia.html
  3256.     328      
  3257. File   
  3258. Close
  3259.    
  3260. C:\Boot\fi-FI\how_recover+sia.html
  3261.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3262.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3263.     328     9372
  3264. File   
  3265. Created
  3266.    
  3267. C:\Boot\Fonts\how_recover+sia.txt
  3268.     328      
  3269. File   
  3270. Close
  3271.    
  3272. C:\Boot\Fonts\how_recover+sia.txt
  3273.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3274.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3275.     328     2639
  3276. File   
  3277. Created
  3278.    
  3279. C:\Boot\Fonts\how_recover+sia.html
  3280.     328      
  3281. File   
  3282. Close
  3283.    
  3284. C:\Boot\Fonts\how_recover+sia.html
  3285.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3286.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3287.     328     9372
  3288. File   
  3289. Created
  3290.    
  3291. C:\Boot\fr-FR\how_recover+sia.txt
  3292.     328      
  3293. File   
  3294. Close
  3295.    
  3296. C:\Boot\fr-FR\how_recover+sia.txt
  3297.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3298.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3299.     328     2639
  3300. File   
  3301. Created
  3302.    
  3303. C:\Boot\fr-FR\how_recover+sia.html
  3304.     328      
  3305. File   
  3306. Close
  3307.    
  3308. C:\Boot\fr-FR\how_recover+sia.html
  3309.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3310.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3311.     328     9372
  3312. File   
  3313. Created
  3314.    
  3315. C:\Boot\hu-HU\how_recover+sia.txt
  3316.     328      
  3317. File   
  3318. Close
  3319.    
  3320. C:\Boot\hu-HU\how_recover+sia.txt
  3321.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3322.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3323.     328     2639
  3324. File   
  3325. Created
  3326.    
  3327. C:\Boot\hu-HU\how_recover+sia.html
  3328.     328      
  3329. File   
  3330. Close
  3331.    
  3332. C:\Boot\hu-HU\how_recover+sia.html
  3333.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3334.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3335.     328     9372
  3336. File   
  3337. Created
  3338.    
  3339. C:\Boot\it-IT\how_recover+sia.txt
  3340.     328      
  3341. File   
  3342. Close
  3343.    
  3344. C:\Boot\it-IT\how_recover+sia.txt
  3345.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3346.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3347.     328     2639
  3348. File   
  3349. Created
  3350.    
  3351. C:\Boot\it-IT\how_recover+sia.html
  3352.     328      
  3353. File   
  3354. Close
  3355.    
  3356. C:\Boot\it-IT\how_recover+sia.html
  3357.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3358.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3359.     328     9372
  3360. API Call   
  3361.    
  3362.  API Name:  Sleep   Address:  0x0041f00b
  3363.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3364.     328      
  3365. File   
  3366. Created
  3367.    
  3368. C:\Boot\ja-JP\how_recover+sia.txt
  3369.     328      
  3370. File   
  3371. Close
  3372.    
  3373. C:\Boot\ja-JP\how_recover+sia.txt
  3374.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3375.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3376.     328     2639
  3377. File   
  3378. Created
  3379.    
  3380. C:\Boot\ja-JP\how_recover+sia.html
  3381.     328      
  3382. File   
  3383. Close
  3384.    
  3385. C:\Boot\ja-JP\how_recover+sia.html
  3386.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3387.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3388.     328     9372
  3389. File   
  3390. Created
  3391.    
  3392. C:\Boot\ko-KR\how_recover+sia.txt
  3393.     328      
  3394. File   
  3395. Close
  3396.    
  3397. C:\Boot\ko-KR\how_recover+sia.txt
  3398.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3399.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3400.     328     2639
  3401. File   
  3402. Created
  3403.    
  3404. C:\Boot\ko-KR\how_recover+sia.html
  3405.     328      
  3406. File   
  3407. Close
  3408.    
  3409. C:\Boot\ko-KR\how_recover+sia.html
  3410.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3411.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3412.     328     9372
  3413. File   
  3414. Created
  3415.    
  3416. C:\Boot\nb-NO\how_recover+sia.txt
  3417.     328      
  3418. File   
  3419. Close
  3420.    
  3421. C:\Boot\nb-NO\how_recover+sia.txt
  3422.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3423.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3424.     328     2639
  3425. File   
  3426. Created
  3427.    
  3428. C:\Boot\nb-NO\how_recover+sia.html
  3429.     328      
  3430. File   
  3431. Close
  3432.    
  3433. C:\Boot\nb-NO\how_recover+sia.html
  3434.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3435.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3436.     328     9372
  3437. File   
  3438. Created
  3439.    
  3440. C:\Boot\nl-NL\how_recover+sia.txt
  3441.     328      
  3442. File   
  3443. Close
  3444.    
  3445. C:\Boot\nl-NL\how_recover+sia.txt
  3446.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3447.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3448.     328     2639
  3449. File   
  3450. Created
  3451.    
  3452. C:\Boot\nl-NL\how_recover+sia.html
  3453.     328      
  3454. File   
  3455. Close
  3456.    
  3457. C:\Boot\nl-NL\how_recover+sia.html
  3458.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3459.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3460.     328     9372
  3461. File   
  3462. Created
  3463.    
  3464. C:\Boot\pl-PL\how_recover+sia.txt
  3465.     328      
  3466. File   
  3467. Close
  3468.    
  3469. C:\Boot\pl-PL\how_recover+sia.txt
  3470.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3471.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3472.     328     2639
  3473. File   
  3474. Created
  3475.    
  3476. C:\Boot\pl-PL\how_recover+sia.html
  3477.     328      
  3478. File   
  3479. Close
  3480.    
  3481. C:\Boot\pl-PL\how_recover+sia.html
  3482.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3483.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3484.     328     9372
  3485. File   
  3486. Created
  3487.    
  3488. C:\Boot\pt-BR\how_recover+sia.txt
  3489.     328      
  3490. File   
  3491. Close
  3492.    
  3493. C:\Boot\pt-BR\how_recover+sia.txt
  3494.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3495.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3496.     328     2639
  3497. File   
  3498. Created
  3499.    
  3500. C:\Boot\pt-BR\how_recover+sia.html
  3501.     328      
  3502. File   
  3503. Close
  3504.    
  3505. C:\Boot\pt-BR\how_recover+sia.html
  3506.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3507.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3508.     328     9372
  3509. File   
  3510. Created
  3511.    
  3512. C:\Boot\pt-PT\how_recover+sia.txt
  3513.     328      
  3514. File   
  3515. Close
  3516.    
  3517. C:\Boot\pt-PT\how_recover+sia.txt
  3518.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3519.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3520.     328     2639
  3521. File   
  3522. Created
  3523.    
  3524. C:\Boot\pt-PT\how_recover+sia.html
  3525.     328      
  3526. File   
  3527. Close
  3528.    
  3529. C:\Boot\pt-PT\how_recover+sia.html
  3530.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3531.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3532.     328     9372
  3533. File   
  3534. Created
  3535.    
  3536. C:\Boot\ru-RU\how_recover+sia.txt
  3537.     328      
  3538. File   
  3539. Close
  3540.    
  3541. C:\Boot\ru-RU\how_recover+sia.txt
  3542.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3543.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3544.     328     2639
  3545. File   
  3546. Created
  3547.    
  3548. C:\Boot\ru-RU\how_recover+sia.html
  3549.     328      
  3550. File   
  3551. Close
  3552.    
  3553. C:\Boot\ru-RU\how_recover+sia.html
  3554.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3555.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3556.     328     9372
  3557. File   
  3558. Created
  3559.    
  3560. C:\Boot\sv-SE\how_recover+sia.txt
  3561.     328      
  3562. File   
  3563. Close
  3564.    
  3565. C:\Boot\sv-SE\how_recover+sia.txt
  3566.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3567.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3568.     328     2639
  3569. File   
  3570. Created
  3571.    
  3572. C:\Boot\sv-SE\how_recover+sia.html
  3573.     328      
  3574. File   
  3575. Close
  3576.    
  3577. C:\Boot\sv-SE\how_recover+sia.html
  3578.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3579.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3580.     328     9372
  3581. File   
  3582. Created
  3583.    
  3584. C:\Boot\tr-TR\how_recover+sia.txt
  3585.     328      
  3586. File   
  3587. Close
  3588.    
  3589. C:\Boot\tr-TR\how_recover+sia.txt
  3590.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3591.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3592.     328     2639
  3593. File   
  3594. Created
  3595.    
  3596. C:\Boot\tr-TR\how_recover+sia.html
  3597.     328      
  3598. File   
  3599. Close
  3600.    
  3601. C:\Boot\tr-TR\how_recover+sia.html
  3602.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3603.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3604.     328     9372
  3605. File   
  3606. Created
  3607.    
  3608. C:\Boot\zh-CN\how_recover+sia.txt
  3609.     328      
  3610. File   
  3611. Close
  3612.    
  3613. C:\Boot\zh-CN\how_recover+sia.txt
  3614.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3615.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3616.     328     2639
  3617. File   
  3618. Created
  3619.    
  3620. C:\Boot\zh-CN\how_recover+sia.html
  3621.     328      
  3622. File   
  3623. Close
  3624.    
  3625. C:\Boot\zh-CN\how_recover+sia.html
  3626.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3627.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3628.     328     9372
  3629. File   
  3630. Created
  3631.    
  3632. C:\Boot\zh-HK\how_recover+sia.txt
  3633.     328      
  3634. File   
  3635. Close
  3636.    
  3637. C:\Boot\zh-HK\how_recover+sia.txt
  3638.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3639.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3640.     328     2639
  3641. File   
  3642. Created
  3643.    
  3644. C:\Boot\zh-HK\how_recover+sia.html
  3645.     328      
  3646. File   
  3647. Close
  3648.    
  3649. C:\Boot\zh-HK\how_recover+sia.html
  3650.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3651.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3652.     328     9372
  3653. File   
  3654. Created
  3655.    
  3656. C:\Boot\zh-TW\how_recover+sia.txt
  3657.     328      
  3658. File   
  3659. Close
  3660.    
  3661. C:\Boot\zh-TW\how_recover+sia.txt
  3662.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3663.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3664.     328     2639
  3665. File   
  3666. Created
  3667.    
  3668. C:\Boot\zh-TW\how_recover+sia.html
  3669.     328      
  3670. File   
  3671. Close
  3672.    
  3673. C:\Boot\zh-TW\how_recover+sia.html
  3674.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3675.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3676.     328     9372
  3677. File   
  3678. Created
  3679.    
  3680. C:\Boot\how_recover+sia.txt
  3681.     328      
  3682. File   
  3683. Close
  3684.    
  3685. C:\Boot\how_recover+sia.txt
  3686.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3687.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3688.     328     2639
  3689. File   
  3690. Created
  3691.    
  3692. C:\Boot\how_recover+sia.html
  3693.     328      
  3694. File   
  3695. Close
  3696.    
  3697. C:\Boot\how_recover+sia.html
  3698.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3699.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3700.     328     9372
  3701. File   
  3702. Failed
  3703.    
  3704. C:\Documents and Settings
  3705.     328      
  3706. File   
  3707. Created
  3708.    
  3709. C:\Users\how_recover+sia.txt
  3710.     328      
  3711. File   
  3712. Close
  3713.    
  3714. C:\Users\how_recover+sia.txt
  3715.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3716.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3717.     328     2639
  3718. File   
  3719. Created
  3720.    
  3721. C:\Users\how_recover+sia.html
  3722.     328      
  3723. File   
  3724. Close
  3725.    
  3726. C:\Users\how_recover+sia.html
  3727.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3728.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3729.     328     9372
  3730. File   
  3731. Open
  3732.    
  3733. C:\eula.1028.txt
  3734.     328     17734
  3735. API Call   
  3736.    
  3737.  API Name:  Sleep   Address:  0x0041f00b
  3738.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3739.     328      
  3740. File   
  3741. Close
  3742.    
  3743. C:\eula.1028.txt
  3744.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3745.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3746.     328     18158
  3747. File   
  3748. Rename
  3749.    
  3750. Old Name:   C:\eula.1028.txt
  3751. New Name:   C:\eula.1028.txt.vvv
  3752.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3753.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3754.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3755.     328     18158
  3756. File   
  3757. Open
  3758.    
  3759. C:\eula.1031.txt
  3760.     328     17734
  3761. File   
  3762. Close
  3763.    
  3764. C:\eula.1031.txt
  3765.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3766.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3767.     328     18158
  3768. File   
  3769. Rename
  3770.    
  3771. Old Name:   C:\eula.1031.txt
  3772. New Name:   C:\eula.1031.txt.vvv
  3773.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3774.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3775.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3776.     328     18158
  3777. File   
  3778. Open
  3779.    
  3780. C:\eula.1033.txt
  3781.     328     10134
  3782. File   
  3783. Close
  3784.    
  3785. C:\eula.1033.txt
  3786.  MD5:  f30c218d43d4b3baa388cfe67fb2375d
  3787.  SHA1: c98af769e13e8d8ec8077aaf0ee8c60ab070fafd
  3788.     328     10558
  3789. File   
  3790. Rename
  3791.    
  3792. Old Name:   C:\eula.1033.txt
  3793. New Name:   C:\eula.1033.txt.vvv
  3794.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3795.  MD5:  f30c218d43d4b3baa388cfe67fb2375d
  3796.  SHA1: c98af769e13e8d8ec8077aaf0ee8c60ab070fafd
  3797.     328     10558
  3798. File   
  3799. Open
  3800.    
  3801. C:\eula.1036.txt
  3802.     328     17734
  3803. File   
  3804. Close
  3805.    
  3806. C:\eula.1036.txt
  3807.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3808.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3809.     328     18158
  3810. File   
  3811. Rename
  3812.    
  3813. Old Name:   C:\eula.1036.txt
  3814. New Name:   C:\eula.1036.txt.vvv
  3815.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3816.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3817.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3818.     328     18158
  3819. File   
  3820. Open
  3821.    
  3822. C:\eula.1040.txt
  3823.     328     17734
  3824. File   
  3825. Close
  3826.    
  3827. C:\eula.1040.txt
  3828.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3829.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3830.     328     18158
  3831. File   
  3832. Rename
  3833.    
  3834. Old Name:   C:\eula.1040.txt
  3835. New Name:   C:\eula.1040.txt.vvv
  3836.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3837.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3838.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3839.     328     18158
  3840. File   
  3841. Open
  3842.    
  3843. C:\eula.1041.txt
  3844.     328     118
  3845. File   
  3846. Close
  3847.    
  3848. C:\eula.1041.txt
  3849.  MD5:  dd1a6580d968551dabb54c5415b8da4c
  3850.  SHA1: b51fcb1d2e6a6bdd13ad2b765ee886a476130488
  3851.     328     542
  3852. File   
  3853. Rename
  3854.    
  3855. Old Name:   C:\eula.1041.txt
  3856. New Name:   C:\eula.1041.txt.vvv
  3857.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3858.  MD5:  dd1a6580d968551dabb54c5415b8da4c
  3859.  SHA1: b51fcb1d2e6a6bdd13ad2b765ee886a476130488
  3860.     328     542
  3861. API Call   
  3862.    
  3863.  API Name:  Sleep   Address:  0x0041f00b
  3864.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3865.     328      
  3866. File   
  3867. Open
  3868.    
  3869. C:\eula.1042.txt
  3870.     328     17734
  3871. File   
  3872. Close
  3873.    
  3874. C:\eula.1042.txt
  3875.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3876.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3877.     328     18158
  3878. File   
  3879. Rename
  3880.    
  3881. Old Name:   C:\eula.1042.txt
  3882. New Name:   C:\eula.1042.txt.vvv
  3883.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3884.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3885.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3886.     328     18158
  3887. File   
  3888. Open
  3889.    
  3890. C:\eula.2052.txt
  3891.     328     17734
  3892. File   
  3893. Close
  3894.    
  3895. C:\eula.2052.txt
  3896.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3897.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3898.     328     18158
  3899. File   
  3900. Rename
  3901.    
  3902. Old Name:   C:\eula.2052.txt
  3903. New Name:   C:\eula.2052.txt.vvv
  3904.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3905.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3906.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3907.     328     18158
  3908. File   
  3909. Open
  3910.    
  3911. C:\eula.3082.txt
  3912.     328     17734
  3913. API Call   
  3914.    
  3915.  API Name:  Sleep   Address:  0x0041f00b
  3916.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  3917.     328      
  3918. File   
  3919. Close
  3920.    
  3921. C:\eula.3082.txt
  3922.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3923.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3924.     328     18158
  3925. File   
  3926. Rename
  3927.    
  3928. Old Name:   C:\eula.3082.txt
  3929. New Name:   C:\eula.3082.txt.vvv
  3930.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  3931.  MD5:  dbba78363b471f259800b2b9c5b4e04a
  3932.  SHA1: 02f49f2d0d182ae9bfc2bb652aa1c82825296668
  3933.     328     18158
  3934. File   
  3935. Created
  3936.    
  3937. C:\exec\how_recover+sia.txt
  3938.     328      
  3939. File   
  3940. Close
  3941.    
  3942. C:\exec\how_recover+sia.txt
  3943.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3944.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3945.     328     2639
  3946. File   
  3947. Created
  3948.    
  3949. C:\exec\how_recover+sia.html
  3950.     328      
  3951. File   
  3952. Close
  3953.    
  3954. C:\exec\how_recover+sia.html
  3955.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3956.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3957.     328     9372
  3958. File   
  3959. Find
  3960.    
  3961. C:\MSOCache\*
  3962.     328      
  3963. File   
  3964. Find
  3965.    
  3966. C:\MSOCache\*\*
  3967.     328      
  3968. File   
  3969. Created
  3970.    
  3971. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  3972.     328      
  3973. File   
  3974. Close
  3975.    
  3976. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.txt
  3977.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  3978.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  3979.     328     2639
  3980. File   
  3981. Created
  3982.    
  3983. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  3984.     328      
  3985. File   
  3986. Close
  3987.    
  3988. C:\MSOCache\All Users\{90150000-0016-0409-1000-0000000FF1CE}-C\how_recover+sia.html
  3989.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  3990.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  3991.     328     9372
  3992. File   
  3993. Created
  3994.    
  5080. File   
  5081. Close
  5082.    
  5083. C:\Program Files\7-Zip\Lang\fr.txt
  5084.  MD5:  adcfc47adf294fad8ff2e6f58bf0883b
  5085.  SHA1: 8b3408b96f4df87f4707d914f8a677b11f27fb48
  5086.     328     15070
  5087. File   
  5088. Rename
  5089.    
  5090. Old Name:   C:\Program Files\7-Zip\Lang\fr.txt
  5091. New Name:   C:\Program Files\7-Zip\Lang\fr.txt.vvv
  5092.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5093.  MD5:  adcfc47adf294fad8ff2e6f58bf0883b
  5094.  SHA1: 8b3408b96f4df87f4707d914f8a677b11f27fb48
  5095.     328     15070
  5096. File   
  5097. Open
  5098.    
  5099. C:\Program Files\7-Zip\Lang\fur.txt
  5100.     328     13894
  5101. File   
  5102. Close
  5103.    
  5104. C:\Program Files\7-Zip\Lang\fur.txt
  5105.  MD5:  3135e22cd0db2266a6f8c2d90451385e
  5106.  SHA1: 751687b55911e1c5abc84b2d3d36c195b1353987
  5107.     328     14318
  5108. File   
  5109. Rename
  5110.    
  5111. Old Name:   C:\Program Files\7-Zip\Lang\fur.txt
  5112. New Name:   C:\Program Files\7-Zip\Lang\fur.txt.vvv
  5113.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5114.  MD5:  3135e22cd0db2266a6f8c2d90451385e
  5115.  SHA1: 751687b55911e1c5abc84b2d3d36c195b1353987
  5116.     328     14318
  5117. File   
  5118. Open
  5119.    
  5120. C:\Program Files\7-Zip\Lang\fy.txt
  5121.     328     12468
  5122. File   
  5123. Close
  5124.    
  5125. C:\Program Files\7-Zip\Lang\fy.txt
  5126.  MD5:  aff8b6889005862e1cc060b1be074d00
  5127.  SHA1: e4c2e36d7e6b26dae1e0c7e5e0d6af1edce94f72
  5128.     328     12894
  5129. File   
  5130. Rename
  5131.    
  5132. Old Name:   C:\Program Files\7-Zip\Lang\fy.txt
  5133. New Name:   C:\Program Files\7-Zip\Lang\fy.txt.vvv
  5134.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5135.  MD5:  aff8b6889005862e1cc060b1be074d00
  5136.  SHA1: e4c2e36d7e6b26dae1e0c7e5e0d6af1edce94f72
  5137.     328     12894
  5138. File   
  5139. Open
  5140.    
  5141. C:\Program Files\7-Zip\Lang\gl.txt
  5142.     328     10590
  5143. File   
  5144. Close
  5145.    
  5146. C:\Program Files\7-Zip\Lang\gl.txt
  5147.  MD5:  548b92922cb0327fa6703290fb7e7fee
  5148.  SHA1: dfc3c830d1b74bf4275017449fd4f1e1f2aa281a
  5149.     328     11006
  5150. File   
  5151. Rename
  5152.    
  5153. Old Name:   C:\Program Files\7-Zip\Lang\gl.txt
  5154. New Name:   C:\Program Files\7-Zip\Lang\gl.txt.vvv
  5155.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5156.  MD5:  548b92922cb0327fa6703290fb7e7fee
  5157.  SHA1: dfc3c830d1b74bf4275017449fd4f1e1f2aa281a
  5158.     328     11006
  5159. File   
  5160. Open
  5161.    
  5162. C:\Program Files\7-Zip\Lang\gu.txt
  5163.     328     26704
  5164. File   
  5165. Close
  5166.    
  5167. C:\Program Files\7-Zip\Lang\gu.txt
  5168.  MD5:  94e7c58205246ef3f071a7b8d6cf0349
  5169.  SHA1: 716a81d7d5de1b7c94deabd4369287bc2eb0ec61
  5170.     328     27134
  5171. File   
  5172. Rename
  5173.    
  5174. Old Name:   C:\Program Files\7-Zip\Lang\gu.txt
  5175. New Name:   C:\Program Files\7-Zip\Lang\gu.txt.vvv
  5176.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5177.  MD5:  94e7c58205246ef3f071a7b8d6cf0349
  5178.  SHA1: 716a81d7d5de1b7c94deabd4369287bc2eb0ec61
  5179.     328     27134
  5180. File   
  5181. Open
  5182.    
  5183. C:\Program Files\7-Zip\Lang\he.txt
  5184.     328     16419
  5185. File   
  5186. Close
  5187.    
  5188. C:\Program Files\7-Zip\Lang\he.txt
  5189.  MD5:  defcdbaf7be4fcb29e0108f7d7715e7b
  5190.  SHA1: 3994fcb792d8f17e0ca09d0cd8ab6076c1b0c0af
  5191.     328     16846
  5192. File   
  5193. Rename
  5194.    
  5195. Old Name:   C:\Program Files\7-Zip\Lang\he.txt
  5196. New Name:   C:\Program Files\7-Zip\Lang\he.txt.vvv
  5197.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5198.  MD5:  defcdbaf7be4fcb29e0108f7d7715e7b
  5199.  SHA1: 3994fcb792d8f17e0ca09d0cd8ab6076c1b0c0af
  5200.     328     16846
  5201. File   
  5202. Open
  5203.    
  5204. C:\Program Files\7-Zip\Lang\hi.txt
  5205.     328     26795
  5206. File   
  5207. Close
  5208.    
  5209. C:\Program Files\7-Zip\Lang\hi.txt
  5210.  MD5:  7a7635f7fee901bedb15a18ef4ce07a3
  5211.  SHA1: 68bf1907fb0f469ef845453ef104c4c4efb38568
  5212.     328     27214
  5213. File   
  5214. Rename
  5215.    
  5216. Old Name:   C:\Program Files\7-Zip\Lang\hi.txt
  5217. New Name:   C:\Program Files\7-Zip\Lang\hi.txt.vvv
  5218.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5219.  MD5:  7a7635f7fee901bedb15a18ef4ce07a3
  5220.  SHA1: 68bf1907fb0f469ef845453ef104c4c4efb38568
  5221.     328     27214
  5222. File   
  5223. Open
  5224.    
  5225. C:\Program Files\7-Zip\Lang\hr.txt
  5226.     328     13506
  5227. File   
  5228. Close
  5229.    
  5230. C:\Program Files\7-Zip\Lang\hr.txt
  5231.  MD5:  ec31679ad1ebdd0c9689f2589bd56eac
  5232.  SHA1: 92f062b7bcc0b4d5f6f8e76e4d44d8a8f68ccc9c
  5233.     328     13934
  5234. File   
  5235. Rename
  5236.    
  5237. Old Name:   C:\Program Files\7-Zip\Lang\hr.txt
  5238. New Name:   C:\Program Files\7-Zip\Lang\hr.txt.vvv
  5239.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5240.  MD5:  ec31679ad1ebdd0c9689f2589bd56eac
  5241.  SHA1: 92f062b7bcc0b4d5f6f8e76e4d44d8a8f68ccc9c
  5242.     328     13934
  5243. File   
  5244. Open
  5245.    
  5246. C:\Program Files\7-Zip\Lang\hu.txt
  5247.     328     14584
  5248. File   
  5249. Close
  5250.    
  5251. C:\Program Files\7-Zip\Lang\hu.txt
  5252.  MD5:  00ac34924d2877358d658acb95837314
  5253.  SHA1: 1aa7394d339e6eb7522bd21e0a2dfe06f1fec085
  5254.     328     15006
  5255. File   
  5256. Rename
  5257.    
  5258. Old Name:   C:\Program Files\7-Zip\Lang\hu.txt
  5259. New Name:   C:\Program Files\7-Zip\Lang\hu.txt.vvv
  5260.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5261.  MD5:  00ac34924d2877358d658acb95837314
  5262.  SHA1: 1aa7394d339e6eb7522bd21e0a2dfe06f1fec085
  5263.     328     15006
  5264. File   
  5265. Open
  5266.    
  5267. C:\Program Files\7-Zip\Lang\hy.txt
  5268.     328     18716
  5269. File   
  5270. Close
  5271.    
  5272. C:\Program Files\7-Zip\Lang\hy.txt
  5273.  MD5:  d4e8bcaddf5a7d9a9c67eeb041392f76
  5274.  SHA1: 950482eeb078163b8a499bc4ae3f082f20ca9f9a
  5275.     328     19134
  5276. File   
  5277. Rename
  5278.    
  5279. Old Name:   C:\Program Files\7-Zip\Lang\hy.txt
  5280. New Name:   C:\Program Files\7-Zip\Lang\hy.txt.vvv
  5281.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5282.  MD5:  d4e8bcaddf5a7d9a9c67eeb041392f76
  5283.  SHA1: 950482eeb078163b8a499bc4ae3f082f20ca9f9a
  5284.     328     19134
  5285. File   
  5286. Open
  5287.    
  5288. C:\Program Files\7-Zip\Lang\id.txt
  5289.     328     13337
  5290. File   
  5291. Close
  5292.    
  5293. C:\Program Files\7-Zip\Lang\id.txt
  5294.  MD5:  57a51f4be45495b02530a60d8e3545ff
  5295.  SHA1: d6f5a8643c6f849c2496e2a5cb0fef8c2fe67975
  5296.     328     13758
  5297. File   
  5298. Rename
  5299.    
  5300. Old Name:   C:\Program Files\7-Zip\Lang\id.txt
  5301. New Name:   C:\Program Files\7-Zip\Lang\id.txt.vvv
  5302.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5303.  MD5:  57a51f4be45495b02530a60d8e3545ff
  5304.  SHA1: d6f5a8643c6f849c2496e2a5cb0fef8c2fe67975
  5305.     328     13758
  5306. File   
  5307. Open
  5308.    
  5309. C:\Program Files\7-Zip\Lang\io.txt
  5310.     328     10115
  5311. File   
  5312. Close
  5313.    
  5314. C:\Program Files\7-Zip\Lang\io.txt
  5315.  MD5:  8d7e3398097ba156bd872fde877923ae
  5316.  SHA1: 6eae0e44d9513f99fe5c56b38406942ff2371034
  5317.     328     10542
  5318. File   
  5319. Rename
  5320.    
  5321. Old Name:   C:\Program Files\7-Zip\Lang\io.txt
  5322. New Name:   C:\Program Files\7-Zip\Lang\io.txt.vvv
  5323.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5324.  MD5:  8d7e3398097ba156bd872fde877923ae
  5325.  SHA1: 6eae0e44d9513f99fe5c56b38406942ff2371034
  5326.     328     10542
  5327. File   
  5328. Open
  5329.    
  5330. C:\Program Files\7-Zip\Lang\is.txt
  5331.     328     12293
  5332. File   
  5333. Close
  5334.    
  5335. C:\Program Files\7-Zip\Lang\is.txt
  5336.  MD5:  725b2a12fa619a2c1e19b507937cddf8
  5337.  SHA1: 477eaa1eab5c053a3505f01b80e8201f79d2287a
  5338.     328     12718
  5339. File   
  5340. Rename
  5341.    
  5342. Old Name:   C:\Program Files\7-Zip\Lang\is.txt
  5343. New Name:   C:\Program Files\7-Zip\Lang\is.txt.vvv
  5344.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5345.  MD5:  725b2a12fa619a2c1e19b507937cddf8
  5346.  SHA1: 477eaa1eab5c053a3505f01b80e8201f79d2287a
  5347.     328     12718
  5348. File   
  5349. Open
  5350.    
  5351. C:\Program Files\7-Zip\Lang\it.txt
  5352.     328     14153
  5353. File   
  5354. Close
  5355.    
  5356. C:\Program Files\7-Zip\Lang\it.txt
  5357.  MD5:  3937198b37294f5d50434701670402c6
  5358.  SHA1: 125c52c20a04386aab052ebda75fb2e9637ae17c
  5359.     328     14574
  5360. File   
  5361. Rename
  5362.    
  5363. Old Name:   C:\Program Files\7-Zip\Lang\it.txt
  5364. New Name:   C:\Program Files\7-Zip\Lang\it.txt.vvv
  5365.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5366.  MD5:  3937198b37294f5d50434701670402c6
  5367.  SHA1: 125c52c20a04386aab052ebda75fb2e9637ae17c
  5368.     328     14574
  5369. File   
  5370. Open
  5371.    
  5372. C:\Program Files\7-Zip\Lang\ja.txt
  5373.     328     15953
  5374. File   
  5375. Close
  5376.    
  5377. C:\Program Files\7-Zip\Lang\ja.txt
  5378.  MD5:  ec9f3c49461351271fc8af7d65a50133
  5379.  SHA1: 8a737ab4390543008869677be0cda9f4fd310279
  5380.     328     16382
  5381. File   
  5382. Rename
  5383.    
  5384. Old Name:   C:\Program Files\7-Zip\Lang\ja.txt
  5385. New Name:   C:\Program Files\7-Zip\Lang\ja.txt.vvv
  5386.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5387.  MD5:  ec9f3c49461351271fc8af7d65a50133
  5388.  SHA1: 8a737ab4390543008869677be0cda9f4fd310279
  5389.     328     16382
  5390. File   
  5391. Open
  5392.    
  5393. C:\Program Files\7-Zip\Lang\ka.txt
  5394.     328     19733
  5395. File   
  5396. Close
  5397.    
  5398. C:\Program Files\7-Zip\Lang\ka.txt
  5399.  MD5:  b3834d7955145abab12ebb97446a6c73
  5400.  SHA1: b0f79f27d4fb2a777fb380b91a131a67435c4025
  5401.     328     20158
  5402. File   
  5403. Rename
  5404.    
  5405. Old Name:   C:\Program Files\7-Zip\Lang\ka.txt
  5406. New Name:   C:\Program Files\7-Zip\Lang\ka.txt.vvv
  5407.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5408.  MD5:  b3834d7955145abab12ebb97446a6c73
  5409.  SHA1: b0f79f27d4fb2a777fb380b91a131a67435c4025
  5410.     328     20158
  5411. File   
  5412. Open
  5413.    
  5414. C:\Program Files\7-Zip\Lang\kk.txt
  5415.     328     17704
  5416. File   
  5417. Close
  5418.    
  5419. C:\Program Files\7-Zip\Lang\kk.txt
  5420.  MD5:  f1f3b8eec1f6875469e2df93af9d28b2
  5421.  SHA1: 79b947f14009ef0c06fdaa1267c1885249e8d2ab
  5422.     328     18126
  5423. File   
  5424. Rename
  5425.    
  5426. Old Name:   C:\Program Files\7-Zip\Lang\kk.txt
  5427. New Name:   C:\Program Files\7-Zip\Lang\kk.txt.vvv
  5428.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5429.  MD5:  f1f3b8eec1f6875469e2df93af9d28b2
  5430.  SHA1: 79b947f14009ef0c06fdaa1267c1885249e8d2ab
  5431.     328     18126
  5432. File   
  5433. Open
  5434.    
  5435. C:\Program Files\7-Zip\Lang\ko.txt
  5436.     328     14742
  5437. File   
  5438. Close
  5439.    
  5440. C:\Program Files\7-Zip\Lang\ko.txt
  5441.  MD5:  81aa80c3f6a82aa31302909b0c05a49f
  5442.  SHA1: eb578e3680ce3c8be71b62d8a1b199cbdd037c29
  5443.     328     15166
  5444. File   
  5445. Rename
  5446.    
  5447. Old Name:   C:\Program Files\7-Zip\Lang\ko.txt
  5448. New Name:   C:\Program Files\7-Zip\Lang\ko.txt.vvv
  5449.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5450.  MD5:  81aa80c3f6a82aa31302909b0c05a49f
  5451.  SHA1: eb578e3680ce3c8be71b62d8a1b199cbdd037c29
  5452.     328     15166
  5453. File   
  5454. Open
  5455.    
  5456. C:\Program Files\7-Zip\Lang\ku-ckb.txt
  5457.     328     19711
  5458. File   
  5459. Close
  5460.    
  5461. C:\Program Files\7-Zip\Lang\ku-ckb.txt
  5462.  MD5:  ed3f85623f4a70c4c8032da046563358
  5463.  SHA1: 7762e3bdafe7f90826b274934b4b47e2de83f37e
  5464.     328     20126
  5465. File   
  5466. Rename
  5467.    
  5468. Old Name:   C:\Program Files\7-Zip\Lang\ku-ckb.txt
  5469. New Name:   C:\Program Files\7-Zip\Lang\ku-ckb.txt.vvv
  5470.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5471.  MD5:  ed3f85623f4a70c4c8032da046563358
  5472.  SHA1: 7762e3bdafe7f90826b274934b4b47e2de83f37e
  5473.     328     20126
  5474. File   
  5475. Open
  5476.    
  5477. C:\Program Files\7-Zip\Lang\ku.txt
  5478.     328     11198
  5479. File   
  5480. Close
  5481.    
  5482. C:\Program Files\7-Zip\Lang\ku.txt
  5483.  MD5:  650d7019db102e6e1116264ddcf88e28
  5484.  SHA1: af38e3b87ebd1bab0a947a0b872bd3f55f8bdb07
  5485.     328     11614
  5486. File   
  5487. Rename
  5488.    
  5489. Old Name:   C:\Program Files\7-Zip\Lang\ku.txt
  5490. New Name:   C:\Program Files\7-Zip\Lang\ku.txt.vvv
  5491.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5492.  MD5:  650d7019db102e6e1116264ddcf88e28
  5493.  SHA1: af38e3b87ebd1bab0a947a0b872bd3f55f8bdb07
  5494.     328     11614
  5495. File   
  5496. Open
  5497.    
  5498. C:\Program Files\7-Zip\Lang\lt.txt
  5499.     328     13239
  5500. File   
  5501. Close
  5502.    
  5503. C:\Program Files\7-Zip\Lang\lt.txt
  5504.  MD5:  eef5d61bfcb1f6472a9de7ee5da85fbd
  5505.  SHA1: 714f1349bb554c2875a45f3dffb76de41bb0b507
  5506.     328     13662
  5507. File   
  5508. Rename
  5509.    
  5510. Old Name:   C:\Program Files\7-Zip\Lang\lt.txt
  5511. New Name:   C:\Program Files\7-Zip\Lang\lt.txt.vvv
  5512.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5513.  MD5:  eef5d61bfcb1f6472a9de7ee5da85fbd
  5514.  SHA1: 714f1349bb554c2875a45f3dffb76de41bb0b507
  5515.     328     13662
  5516. File   
  5517. Open
  5518.    
  5519. C:\Program Files\7-Zip\Lang\lv.txt
  5520.     328     10690
  5521. File   
  5522. Close
  5523.    
  5524. C:\Program Files\7-Zip\Lang\lv.txt
  5525.  MD5:  fe83a4672ca04694f26299501e75c769
  5526.  SHA1: ee7626a71e54c81045018db5aa53344367644b77
  5527.     328     11118
  5528. File   
  5529. Rename
  5530.    
  5531. Old Name:   C:\Program Files\7-Zip\Lang\lv.txt
  5532. New Name:   C:\Program Files\7-Zip\Lang\lv.txt.vvv
  5533.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5534.  MD5:  fe83a4672ca04694f26299501e75c769
  5535.  SHA1: ee7626a71e54c81045018db5aa53344367644b77
  5536.     328     11118
  5537. File   
  5538. Open
  5539.    
  5540. C:\Program Files\7-Zip\Lang\mk.txt
  5541.     328     15080
  5542. File   
  5543. Close
  5544.    
  5545. C:\Program Files\7-Zip\Lang\mk.txt
  5546.  MD5:  8d253e2a99e5366aade6163e64a4ebc8
  5547.  SHA1: e7b52661a0584c4504074a99c22280de29ef5126
  5548.     328     15502
  5549. File   
  5550. Rename
  5551.    
  5552. Old Name:   C:\Program Files\7-Zip\Lang\mk.txt
  5553. New Name:   C:\Program Files\7-Zip\Lang\mk.txt.vvv
  5554.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5555.  MD5:  8d253e2a99e5366aade6163e64a4ebc8
  5556.  SHA1: e7b52661a0584c4504074a99c22280de29ef5126
  5557.     328     15502
  5558. File   
  5559. Open
  5560.    
  5561. C:\Program Files\7-Zip\Lang\mn.txt
  5562.     328     14657
  5563. File   
  5564. Close
  5565.    
  5566. C:\Program Files\7-Zip\Lang\mn.txt
  5567.  MD5:  859cce0f31c8a075ead75c0843ce6552
  5568.  SHA1: c1f9f5a00b76546204f4edc657159ccca51d270e
  5569.     328     15086
  5570. File   
  5571. Rename
  5572.    
  5573. Old Name:   C:\Program Files\7-Zip\Lang\mn.txt
  5574. New Name:   C:\Program Files\7-Zip\Lang\mn.txt.vvv
  5575.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5576.  MD5:  859cce0f31c8a075ead75c0843ce6552
  5577.  SHA1: c1f9f5a00b76546204f4edc657159ccca51d270e
  5578.     328     15086
  5579. File   
  5580. Open
  5581.    
  5582. C:\Program Files\7-Zip\Lang\mr.txt
  5583.     328     17597
  5584. File   
  5585. Close
  5586.    
  5587. C:\Program Files\7-Zip\Lang\mr.txt
  5588.  MD5:  715c6b2a6b6d24d3549b3a558ac54039
  5589.  SHA1: 7a8f0bfb7b8785723a4d0974eb94ee265b3f6a9f
  5590.     328     18014
  5591. File   
  5592. Rename
  5593.    
  5594. Old Name:   C:\Program Files\7-Zip\Lang\mr.txt
  5595. New Name:   C:\Program Files\7-Zip\Lang\mr.txt.vvv
  5596.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5597.  MD5:  715c6b2a6b6d24d3549b3a558ac54039
  5598.  SHA1: 7a8f0bfb7b8785723a4d0974eb94ee265b3f6a9f
  5599.     328     18014
  5600. File   
  5601. Open
  5602.    
  5603. C:\Program Files\7-Zip\Lang\ms.txt
  5604.     328     10409
  5605. File   
  5606. Close
  5607.    
  5608. C:\Program Files\7-Zip\Lang\ms.txt
  5609.  MD5:  e7b53445783445bada3e3a7289e4f7ed
  5610.  SHA1: 135c56cc0bf5bee7f88bd0ad197cf5dba59764ea
  5611.     328     10830
  5612. File   
  5613. Rename
  5614.    
  5615. Old Name:   C:\Program Files\7-Zip\Lang\ms.txt
  5616. New Name:   C:\Program Files\7-Zip\Lang\ms.txt.vvv
  5617.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5618.  MD5:  e7b53445783445bada3e3a7289e4f7ed
  5619.  SHA1: 135c56cc0bf5bee7f88bd0ad197cf5dba59764ea
  5620.     328     10830
  5621. File   
  5622. Open
  5623.    
  5624. C:\Program Files\7-Zip\Lang\nb.txt
  5625.     328     11767
  5626. File   
  5627. Close
  5628.    
  5629. C:\Program Files\7-Zip\Lang\nb.txt
  5630.  MD5:  f4453f890e41e078e5e9bc10dcdaea52
  5631.  SHA1: 261de0bccaceec4ffbf97607999847ddd5d7a663
  5632.     328     12190
  5633. File   
  5634. Rename
  5635.    
  5636. Old Name:   C:\Program Files\7-Zip\Lang\nb.txt
  5637. New Name:   C:\Program Files\7-Zip\Lang\nb.txt.vvv
  5638.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5639.  MD5:  f4453f890e41e078e5e9bc10dcdaea52
  5640.  SHA1: 261de0bccaceec4ffbf97607999847ddd5d7a663
  5641.     328     12190
  5642. File   
  5643. Open
  5644.    
  5645. C:\Program Files\7-Zip\Lang\ne.txt
  5646.     328     21822
  5647. File   
  5648. Close
  5649.    
  5650. C:\Program Files\7-Zip\Lang\ne.txt
  5651.  MD5:  880b35da9aefd077d0893a2b34b0de90
  5652.  SHA1: 61bcd05a4e099be830b9674b0a52184df2599459
  5653.     328     22238
  5654. File   
  5655. Rename
  5656.    
  5657. Old Name:   C:\Program Files\7-Zip\Lang\ne.txt
  5658. New Name:   C:\Program Files\7-Zip\Lang\ne.txt.vvv
  5659.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5660.  MD5:  880b35da9aefd077d0893a2b34b0de90
  5661.  SHA1: 61bcd05a4e099be830b9674b0a52184df2599459
  5662.     328     22238
  5663. File   
  5664. Open
  5665.    
  5666. C:\Program Files\7-Zip\Lang\nl.txt
  5667.     328     14213
  5668. File   
  5669. Close
  5670.    
  5671. C:\Program Files\7-Zip\Lang\nl.txt
  5672.  MD5:  ecb27bed9bbd6e60e92f7e43fd66eecb
  5673.  SHA1: e375150c927eb0592cf1e694101f6e8623550a9a
  5674.     328     14638
  5675. File   
  5676. Rename
  5677.    
  5678. Old Name:   C:\Program Files\7-Zip\Lang\nl.txt
  5679. New Name:   C:\Program Files\7-Zip\Lang\nl.txt.vvv
  5680.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5681.  MD5:  ecb27bed9bbd6e60e92f7e43fd66eecb
  5682.  SHA1: e375150c927eb0592cf1e694101f6e8623550a9a
  5683.     328     14638
  5684. File   
  5685. Open
  5686.    
  5687. C:\Program Files\7-Zip\Lang\nn.txt
  5688.     328     11500
  5689. File   
  5690. Close
  5691.    
  5692. C:\Program Files\7-Zip\Lang\nn.txt
  5693.  MD5:  9b27aae1ba98fa8114115972a172c832
  5694.  SHA1: e7a8b4a79c7fbaeff7632da97d387001a1cff487
  5695.     328     11918
  5696. File   
  5697. Rename
  5698.    
  5699. Old Name:   C:\Program Files\7-Zip\Lang\nn.txt
  5700. New Name:   C:\Program Files\7-Zip\Lang\nn.txt.vvv
  5701.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5702.  MD5:  9b27aae1ba98fa8114115972a172c832
  5703.  SHA1: e7a8b4a79c7fbaeff7632da97d387001a1cff487
  5704.     328     11918
  5705. File   
  5706. Open
  5707.    
  5708. C:\Program Files\7-Zip\Lang\pa-in.txt
  5709.     328     22849
  5710. File   
  5711. Close
  5712.    
  5713. C:\Program Files\7-Zip\Lang\pa-in.txt
  5714.  MD5:  1746514f6e78d9b18aaf1eabd9674197
  5715.  SHA1: 34b03796b5152d1192f65755ff74bb0462dc5241
  5716.     328     23278
  5717. File   
  5718. Rename
  5719.    
  5720. Old Name:   C:\Program Files\7-Zip\Lang\pa-in.txt
  5721. New Name:   C:\Program Files\7-Zip\Lang\pa-in.txt.vvv
  5722.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5723.  MD5:  1746514f6e78d9b18aaf1eabd9674197
  5724.  SHA1: 34b03796b5152d1192f65755ff74bb0462dc5241
  5725.     328     23278
  5726. File   
  5727. Open
  5728.    
  5729. C:\Program Files\7-Zip\Lang\pl.txt
  5730.     328     14102
  5731. File   
  5732. Close
  5733.    
  5734. C:\Program Files\7-Zip\Lang\pl.txt
  5735.  MD5:  d3cd4e3f351a678ec61aa874f76bef36
  5736.  SHA1: 17b6eab7596148566f7c02c104be6aa98b3c9762
  5737.     328     14526
  5738. File   
  5739. Rename
  5740.    
  5741. Old Name:   C:\Program Files\7-Zip\Lang\pl.txt
  5742. New Name:   C:\Program Files\7-Zip\Lang\pl.txt.vvv
  5743.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5744.  MD5:  d3cd4e3f351a678ec61aa874f76bef36
  5745.  SHA1: 17b6eab7596148566f7c02c104be6aa98b3c9762
  5746.     328     14526
  5747. File   
  5748. Open
  5749.    
  5750. C:\Program Files\7-Zip\Lang\ps.txt
  5751.     328     15131
  5752. File   
  5753. Close
  5754.    
  5755. C:\Program Files\7-Zip\Lang\ps.txt
  5756.  MD5:  301a6645c6932c59f8e6af3fdc408e6a
  5757.  SHA1: 20c9a0a92913610f62019c8dc3df85d6274dadd5
  5758.     328     15550
  5759. File   
  5760. Rename
  5761.    
  5762. Old Name:   C:\Program Files\7-Zip\Lang\ps.txt
  5763. New Name:   C:\Program Files\7-Zip\Lang\ps.txt.vvv
  5764.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5765.  MD5:  301a6645c6932c59f8e6af3fdc408e6a
  5766.  SHA1: 20c9a0a92913610f62019c8dc3df85d6274dadd5
  5767.     328     15550
  5768. File   
  5769. Open
  5770.    
  5771. C:\Program Files\7-Zip\Lang\pt-br.txt
  5772.     328     13864
  5773. File   
  5774. Close
  5775.    
  5776. C:\Program Files\7-Zip\Lang\pt-br.txt
  5777.  MD5:  221874611cbacd205464ed53a83db9e7
  5778.  SHA1: 729abbe1099d2acf468856d2510c63b26218e0d4
  5779.     328     14286
  5780. File   
  5781. Rename
  5782.    
  5783. Old Name:   C:\Program Files\7-Zip\Lang\pt-br.txt
  5784. New Name:   C:\Program Files\7-Zip\Lang\pt-br.txt.vvv
  5785.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5786.  MD5:  221874611cbacd205464ed53a83db9e7
  5787.  SHA1: 729abbe1099d2acf468856d2510c63b26218e0d4
  5788.     328     14286
  5789. File   
  5790. Open
  5791.    
  5792. C:\Program Files\7-Zip\Lang\pt.txt
  5793.     328     14007
  5794. File   
  5795. Close
  5796.    
  5797. C:\Program Files\7-Zip\Lang\pt.txt
  5798.  MD5:  02b6ff8aa4dae4eea729b2e84cbceb7d
  5799.  SHA1: d62a614ae4c8fdef62a7a2ea62fec4fe8ab90a03
  5800.     328     14430
  5801. File   
  5802. Rename
  5803.    
  5804. Old Name:   C:\Program Files\7-Zip\Lang\pt.txt
  5805. New Name:   C:\Program Files\7-Zip\Lang\pt.txt.vvv
  5806.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5807.  MD5:  02b6ff8aa4dae4eea729b2e84cbceb7d
  5808.  SHA1: d62a614ae4c8fdef62a7a2ea62fec4fe8ab90a03
  5809.     328     14430
  5810. File   
  5811. Open
  5812.    
  5813. C:\Program Files\7-Zip\Lang\ro.txt
  5814.     328     13994
  5815. File   
  5816. Close
  5817.    
  5818. C:\Program Files\7-Zip\Lang\ro.txt
  5819.  MD5:  019852f1b33e4cfe20b35c78151cc893
  5820.  SHA1: c359e3b2c4b24c42f4d381b83092383c21a0eef2
  5821.     328     14414
  5822. File   
  5823. Rename
  5824.    
  5825. Old Name:   C:\Program Files\7-Zip\Lang\ro.txt
  5826. New Name:   C:\Program Files\7-Zip\Lang\ro.txt.vvv
  5827.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5828.  MD5:  019852f1b33e4cfe20b35c78151cc893
  5829.  SHA1: c359e3b2c4b24c42f4d381b83092383c21a0eef2
  5830.     328     14414
  5831. File   
  5832. Open
  5833.    
  5834. C:\Program Files\7-Zip\Lang\ru.txt
  5835.     328     19107
  5836. File   
  5837. Close
  5838.    
  5839. C:\Program Files\7-Zip\Lang\ru.txt
  5840.  MD5:  7a71b2a81b4475381513f79188f8b52d
  5841.  SHA1: 063147c8ddfcfcf8f757baab1c96427b97dfddba
  5842.     328     19534
  5843. File   
  5844. Rename
  5845.    
  5846. Old Name:   C:\Program Files\7-Zip\Lang\ru.txt
  5847. New Name:   C:\Program Files\7-Zip\Lang\ru.txt.vvv
  5848.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5849.  MD5:  7a71b2a81b4475381513f79188f8b52d
  5850.  SHA1: 063147c8ddfcfcf8f757baab1c96427b97dfddba
  5851.     328     19534
  5852. File   
  5853. Open
  5854.    
  5855. C:\Program Files\7-Zip\Lang\sa.txt
  5856.     328     28434
  5857. File   
  5858. Close
  5859.    
  5860. C:\Program Files\7-Zip\Lang\sa.txt
  5861.  MD5:  6f5e1bdd3e14761d8d1579b6bcc59b97
  5862.  SHA1: e18b47425da207d278f8ec27ec086a4bfb56577a
  5863.     328     28862
  5864. File   
  5865. Rename
  5866.    
  5867. Old Name:   C:\Program Files\7-Zip\Lang\sa.txt
  5868. New Name:   C:\Program Files\7-Zip\Lang\sa.txt.vvv
  5869.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5870.  MD5:  6f5e1bdd3e14761d8d1579b6bcc59b97
  5871.  SHA1: e18b47425da207d278f8ec27ec086a4bfb56577a
  5872.     328     28862
  5873. File   
  5874. Open
  5875.    
  5876. C:\Program Files\7-Zip\Lang\si.txt
  5877.     328     25126
  5878. File   
  5879. Close
  5880.    
  5881. C:\Program Files\7-Zip\Lang\si.txt
  5882.  MD5:  ce66c0e092912e3321341acc39e77f4a
  5883.  SHA1: f3b2fae989367d6d34fe6994a127a7a154fc15bd
  5884.     328     25550
  5885. File   
  5886. Rename
  5887.    
  5888. Old Name:   C:\Program Files\7-Zip\Lang\si.txt
  5889. New Name:   C:\Program Files\7-Zip\Lang\si.txt.vvv
  5890.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5891.  MD5:  ce66c0e092912e3321341acc39e77f4a
  5892.  SHA1: f3b2fae989367d6d34fe6994a127a7a154fc15bd
  5893.     328     25550
  5894. File   
  5895. Open
  5896.    
  5897. C:\Program Files\7-Zip\Lang\sk.txt
  5898.     328     14323
  5899. File   
  5900. Close
  5901.    
  5902. C:\Program Files\7-Zip\Lang\sk.txt
  5903.  MD5:  d3a53836aa67fe47659c538a95b58384
  5904.  SHA1: 0de4300e1d1f81a3799cee8abadd3c77927fb83b
  5905.     328     14750
  5906. File   
  5907. Rename
  5908.    
  5909. Old Name:   C:\Program Files\7-Zip\Lang\sk.txt
  5910. New Name:   C:\Program Files\7-Zip\Lang\sk.txt.vvv
  5911.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5912.  MD5:  d3a53836aa67fe47659c538a95b58384
  5913.  SHA1: 0de4300e1d1f81a3799cee8abadd3c77927fb83b
  5914.     328     14750
  5915. File   
  5916. Open
  5917.    
  5918. C:\Program Files\7-Zip\Lang\sl.txt
  5919.     328     12419
  5920. API Call   
  5921.    
  5922.  API Name:  Sleep   Address:  0x0041f00b
  5923.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  5924.     328      
  5925. File   
  5926. Close
  5927.    
  5928. C:\Program Files\7-Zip\Lang\sl.txt
  5929.  MD5:  cb1cebed2166b115407314d52bdbd1bb
  5930.  SHA1: 4f4721186b076873ce21d2ba4d4743812ad0b9fe
  5931.     328     12846
  5932. File   
  5933. Rename
  5934.    
  5935. Old Name:   C:\Program Files\7-Zip\Lang\sl.txt
  5936. New Name:   C:\Program Files\7-Zip\Lang\sl.txt.vvv
  5937.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5938.  MD5:  cb1cebed2166b115407314d52bdbd1bb
  5939.  SHA1: 4f4721186b076873ce21d2ba4d4743812ad0b9fe
  5940.     328     12846
  5941. File   
  5942. Open
  5943.    
  5944. C:\Program Files\7-Zip\Lang\sq.txt
  5945.     328     11588
  5946. File   
  5947. Close
  5948.    
  5949. C:\Program Files\7-Zip\Lang\sq.txt
  5950.  MD5:  0f966e618693cce9b666467e135f90d8
  5951.  SHA1: 994755a929d92283fb5abe5ad782757bfe78d9da
  5952.     328     12014
  5953. File   
  5954. Rename
  5955.    
  5956. Old Name:   C:\Program Files\7-Zip\Lang\sq.txt
  5957. New Name:   C:\Program Files\7-Zip\Lang\sq.txt.vvv
  5958.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5959.  MD5:  0f966e618693cce9b666467e135f90d8
  5960.  SHA1: 994755a929d92283fb5abe5ad782757bfe78d9da
  5961.     328     12014
  5962. File   
  5963. Open
  5964.    
  5965. C:\Program Files\7-Zip\Lang\sr-spc.txt
  5966.     328     19089
  5967. File   
  5968. Close
  5969.    
  5970. C:\Program Files\7-Zip\Lang\sr-spc.txt
  5971.  MD5:  14122f46273218d2905cbd66d5cfec2f
  5972.  SHA1: 8c3bf669081e81f4bf0ccdb2c0604ab067f97720
  5973.     328     19518
  5974. File   
  5975. Rename
  5976.    
  5977. Old Name:   C:\Program Files\7-Zip\Lang\sr-spc.txt
  5978. New Name:   C:\Program Files\7-Zip\Lang\sr-spc.txt.vvv
  5979.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  5980.  MD5:  14122f46273218d2905cbd66d5cfec2f
  5981.  SHA1: 8c3bf669081e81f4bf0ccdb2c0604ab067f97720
  5982.     328     19518
  5983. File   
  5984. Open
  5985.    
  5986. C:\Program Files\7-Zip\Lang\sr-spl.txt
  5987.     328     13378
  5988. File   
  5989. Close
  5990.    
  5991. C:\Program Files\7-Zip\Lang\sr-spl.txt
  5992.  MD5:  10608f4764b85e090afe2bab152709a2
  5993.  SHA1: ba532e0aadc9162d35f8f6179929b0c9b659df2e
  5994.     328     13806
  5995. File   
  5996. Rename
  5997.    
  5998. Old Name:   C:\Program Files\7-Zip\Lang\sr-spl.txt
  5999. New Name:   C:\Program Files\7-Zip\Lang\sr-spl.txt.vvv
  6000.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6001.  MD5:  10608f4764b85e090afe2bab152709a2
  6002.  SHA1: ba532e0aadc9162d35f8f6179929b0c9b659df2e
  6003.     328     13806
  6004. File   
  6005. Open
  6006.    
  6007. C:\Program Files\7-Zip\Lang\sv.txt
  6008.     328     13743
  6009. File   
  6010. Close
  6011.    
  6012. C:\Program Files\7-Zip\Lang\sv.txt
  6013.  MD5:  aece2f7edc30454542fb482949f82d62
  6014.  SHA1: 31677decedeb435b488e0d5250c097bb3d2af83c
  6015.     328     14158
  6016. File   
  6017. Rename
  6018.    
  6019. Old Name:   C:\Program Files\7-Zip\Lang\sv.txt
  6020. New Name:   C:\Program Files\7-Zip\Lang\sv.txt.vvv
  6021.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6022.  MD5:  aece2f7edc30454542fb482949f82d62
  6023.  SHA1: 31677decedeb435b488e0d5250c097bb3d2af83c
  6024.     328     14158
  6025. File   
  6026. Open
  6027.    
  6028. C:\Program Files\7-Zip\Lang\ta.txt
  6029.     328     20476
  6030. File   
  6031. Close
  6032.    
  6033. C:\Program Files\7-Zip\Lang\ta.txt
  6034.  MD5:  c00bf69096c8abb699fb4c84dc82b183
  6035.  SHA1: 45a6810ba4331c77bcdfe2cb5fb7de410bc268cc
  6036.     328     20894
  6037. File   
  6038. Rename
  6039.    
  6040. Old Name:   C:\Program Files\7-Zip\Lang\ta.txt
  6041. New Name:   C:\Program Files\7-Zip\Lang\ta.txt.vvv
  6042.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6043.  MD5:  c00bf69096c8abb699fb4c84dc82b183
  6044.  SHA1: 45a6810ba4331c77bcdfe2cb5fb7de410bc268cc
  6045.     328     20894
  6046. File   
  6047. Open
  6048.    
  6049. C:\Program Files\7-Zip\Lang\th.txt
  6050.     328     24112
  6051. File   
  6052. Close
  6053.    
  6054. C:\Program Files\7-Zip\Lang\th.txt
  6055.  MD5:  5834b70466f62f28f46b72c2284b2144
  6056.  SHA1: b0f964590e1f6cfcf5ae6efa4893a4fbb4d2a0de
  6057.     328     24542
  6058. File   
  6059. Rename
  6060.    
  6061. Old Name:   C:\Program Files\7-Zip\Lang\th.txt
  6062. New Name:   C:\Program Files\7-Zip\Lang\th.txt.vvv
  6063.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6064.  MD5:  5834b70466f62f28f46b72c2284b2144
  6065.  SHA1: b0f964590e1f6cfcf5ae6efa4893a4fbb4d2a0de
  6066.     328     24542
  6067. File   
  6068. Open
  6069.    
  6070. C:\Program Files\7-Zip\Lang\tr.txt
  6071.     328     13497
  6072. File   
  6073. Close
  6074.    
  6075. C:\Program Files\7-Zip\Lang\tr.txt
  6076.  MD5:  712ed51f3e4058f3ed4d5fee2b594891
  6077.  SHA1: 6f798aef72295aab1851d2b50bb34ba84900a96b
  6078.     328     13918
  6079. File   
  6080. Rename
  6081.    
  6082. Old Name:   C:\Program Files\7-Zip\Lang\tr.txt
  6083. New Name:   C:\Program Files\7-Zip\Lang\tr.txt.vvv
  6084.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6085.  MD5:  712ed51f3e4058f3ed4d5fee2b594891
  6086.  SHA1: 6f798aef72295aab1851d2b50bb34ba84900a96b
  6087.     328     13918
  6088. File   
  6089. Open
  6090.    
  6091. C:\Program Files\7-Zip\Lang\tt.txt
  6092.     328     18409
  6093. File   
  6094. Close
  6095.    
  6096. C:\Program Files\7-Zip\Lang\tt.txt
  6097.  MD5:  ff5bcc1448b87e0a31808adbf34e1811
  6098.  SHA1: 6f32d342a7551310121a0d9442231f6c28f8b8c5
  6099.     328     18830
  6100. File   
  6101. Rename
  6102.    
  6103. Old Name:   C:\Program Files\7-Zip\Lang\tt.txt
  6104. New Name:   C:\Program Files\7-Zip\Lang\tt.txt.vvv
  6105.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6106.  MD5:  ff5bcc1448b87e0a31808adbf34e1811
  6107.  SHA1: 6f32d342a7551310121a0d9442231f6c28f8b8c5
  6108.     328     18830
  6109. File   
  6110. Open
  6111.    
  6112. C:\Program Files\7-Zip\Lang\ug.txt
  6113.     328     18785
  6114. File   
  6115. Close
  6116.    
  6117. C:\Program Files\7-Zip\Lang\ug.txt
  6118.  MD5:  6ece79be54176e15c34fe87b4cae9898
  6119.  SHA1: 2a157a30e3919bf5b31c01d56f74a4f1ac1ce93a
  6120.     328     19214
  6121. File   
  6122. Rename
  6123.    
  6124. Old Name:   C:\Program Files\7-Zip\Lang\ug.txt
  6125. New Name:   C:\Program Files\7-Zip\Lang\ug.txt.vvv
  6126.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6127.  MD5:  6ece79be54176e15c34fe87b4cae9898
  6128.  SHA1: 2a157a30e3919bf5b31c01d56f74a4f1ac1ce93a
  6129.     328     19214
  6130. File   
  6131. Open
  6132.    
  6133. C:\Program Files\7-Zip\Lang\uk.txt
  6134.     328     19729
  6135. File   
  6136. Close
  6137.    
  6138. C:\Program Files\7-Zip\Lang\uk.txt
  6139.  MD5:  2a975ad79f6fb301e657f8879f22b60a
  6140.  SHA1: 7a2d9f95e7713f2204edf3509d252ade2d3f993f
  6141.     328     20158
  6142. File   
  6143. Rename
  6144.    
  6145. Old Name:   C:\Program Files\7-Zip\Lang\uk.txt
  6146. New Name:   C:\Program Files\7-Zip\Lang\uk.txt.vvv
  6147.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6148.  MD5:  2a975ad79f6fb301e657f8879f22b60a
  6149.  SHA1: 7a2d9f95e7713f2204edf3509d252ade2d3f993f
  6150.     328     20158
  6151. File   
  6152. Open
  6153.    
  6154. C:\Program Files\7-Zip\Lang\uz.txt
  6155.     328     10679
  6156. File   
  6157. Close
  6158.    
  6159. C:\Program Files\7-Zip\Lang\uz.txt
  6160.  MD5:  e0446951590b90ae6d8ed54058455396
  6161.  SHA1: f5bb3c30a7a5ce2ffccfd24ee8695d86d1152e11
  6162.     328     11102
  6163. File   
  6164. Rename
  6165.    
  6166. Old Name:   C:\Program Files\7-Zip\Lang\uz.txt
  6167. New Name:   C:\Program Files\7-Zip\Lang\uz.txt.vvv
  6168.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6169.  MD5:  e0446951590b90ae6d8ed54058455396
  6170.  SHA1: f5bb3c30a7a5ce2ffccfd24ee8695d86d1152e11
  6171.     328     11102
  6172. File   
  6173. Open
  6174.    
  6175. C:\Program Files\7-Zip\Lang\va.txt
  6176.     328     12179
  6177. File   
  6178. Close
  6179.    
  6180. C:\Program Files\7-Zip\Lang\va.txt
  6181.  MD5:  bf4ef27b4b43f749fb1398b9e3ca430e
  6182.  SHA1: 6696717fa37cbef4cede653d9a6791a08e5554e5
  6183.     328     12606
  6184. File   
  6185. Rename
  6186.    
  6187. Old Name:   C:\Program Files\7-Zip\Lang\va.txt
  6188. New Name:   C:\Program Files\7-Zip\Lang\va.txt.vvv
  6189.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6190.  MD5:  bf4ef27b4b43f749fb1398b9e3ca430e
  6191.  SHA1: 6696717fa37cbef4cede653d9a6791a08e5554e5
  6192.     328     12606
  6193. File   
  6194. Open
  6195.    
  6196. C:\Program Files\7-Zip\Lang\vi.txt
  6197.     328     13716
  6198. File   
  6199. Close
  6200.    
  6201. C:\Program Files\7-Zip\Lang\vi.txt
  6202.  MD5:  70e859bd5433ea291b92184969d0de30
  6203.  SHA1: 211b9548eb9f6d98adade16cfe122c543393d614
  6204.     328     14142
  6205. File   
  6206. Rename
  6207.    
  6208. Old Name:   C:\Program Files\7-Zip\Lang\vi.txt
  6209. New Name:   C:\Program Files\7-Zip\Lang\vi.txt.vvv
  6210.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6211.  MD5:  70e859bd5433ea291b92184969d0de30
  6212.  SHA1: 211b9548eb9f6d98adade16cfe122c543393d614
  6213.     328     14142
  6214. File   
  6215. Open
  6216.    
  6217. C:\Program Files\7-Zip\Lang\zh-cn.txt
  6218.     328     13000
  6219. File   
  6220. Close
  6221.    
  6222. C:\Program Files\7-Zip\Lang\zh-cn.txt
  6223.  MD5:  dbe72c4e03c7344b0c632f1c6998f4d1
  6224.  SHA1: 9e0be61ad3ee18c25946b00efc0d71ed83a279af
  6225.     328     13422
  6226. File   
  6227. Rename
  6228.    
  6229. Old Name:   C:\Program Files\7-Zip\Lang\zh-cn.txt
  6230. New Name:   C:\Program Files\7-Zip\Lang\zh-cn.txt.vvv
  6231.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6232.  MD5:  dbe72c4e03c7344b0c632f1c6998f4d1
  6233.  SHA1: 9e0be61ad3ee18c25946b00efc0d71ed83a279af
  6234.     328     13422
  6235. File   
  6236. Open
  6237.    
  6238. C:\Program Files\7-Zip\Lang\zh-tw.txt
  6239.     328     13087
  6240. File   
  6241. Close
  6242.    
  6243. C:\Program Files\7-Zip\Lang\zh-tw.txt
  6244.  MD5:  ed8d5061fd728b88685f174486e9ac9f
  6245.  SHA1: e1bbf0d6b13a69b9d8775df3a6a800b4241db4f3
  6246.     328     13502
  6247. File   
  6248. Rename
  6249.    
  6250. Old Name:   C:\Program Files\7-Zip\Lang\zh-tw.txt
  6251. New Name:   C:\Program Files\7-Zip\Lang\zh-tw.txt.vvv
  6252.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6253.  MD5:  ed8d5061fd728b88685f174486e9ac9f
  6254.  SHA1: e1bbf0d6b13a69b9d8775df3a6a800b4241db4f3
  6255.     328     13502
  6256. File   
  6257. Created
  6258.    
  6259. C:\Program Files\7-Zip\Lang\how_recover+sia.txt
  6260.     328      
  6261. File   
  6262. Close
  6263.    
  6264. C:\Program Files\7-Zip\Lang\how_recover+sia.txt
  6265.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6266.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6267.     328     2639
  6268. File   
  6269. Created
  6270.    
  6271. C:\Program Files\7-Zip\Lang\how_recover+sia.html
  6272.     328      
  6273. File   
  6274. Close
  6275.    
  6276. C:\Program Files\7-Zip\Lang\how_recover+sia.html
  6277.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6278.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6279.     328     9372
  6280. File   
  6281. Open
  6282.    
  6283. C:\Program Files\7-Zip\License.txt
  6284.     328     1927
  6285. File   
  6286. Close
  6287.    
  6288. C:\Program Files\7-Zip\License.txt
  6289.  MD5:  51906a38eee425125ec189f12e81ba5a
  6290.  SHA1: c070ef300ed43d440f21d547e81e0c30285abba8
  6291.     328     2350
  6292. File   
  6293. Rename
  6294.    
  6295. Old Name:   C:\Program Files\7-Zip\License.txt
  6296. New Name:   C:\Program Files\7-Zip\License.txt.vvv
  6297.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6298.  MD5:  51906a38eee425125ec189f12e81ba5a
  6299.  SHA1: c070ef300ed43d440f21d547e81e0c30285abba8
  6300.     328     2350
  6301. File   
  6302. Open
  6303.    
  6304. C:\Program Files\7-Zip\readme.txt
  6305.     328     1565
  6306. File   
  6307. Close
  6308.    
  6309. C:\Program Files\7-Zip\readme.txt
  6310.  MD5:  b39d31a3e29a2e245be14696c20474ff
  6311.  SHA1: 22477278bd1d23c4d16b6904d55f40b10e408716
  6312.     328     1982
  6313. File   
  6314. Rename
  6315.    
  6316. Old Name:   C:\Program Files\7-Zip\readme.txt
  6317. New Name:   C:\Program Files\7-Zip\readme.txt.vvv
  6318.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6319.  MD5:  b39d31a3e29a2e245be14696c20474ff
  6320.  SHA1: 22477278bd1d23c4d16b6904d55f40b10e408716
  6321.     328     1982
  6322. File   
  6323. Created
  6324.    
  6325. C:\Program Files\7-Zip\how_recover+sia.txt
  6326.     328      
  6327. File   
  6328. Close
  6329.    
  6330. C:\Program Files\7-Zip\how_recover+sia.txt
  6331.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6332.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6333.     328     2639
  6334. File   
  6335. Created
  6336.    
  6337. C:\Program Files\7-Zip\how_recover+sia.html
  6338.     328      
  6339. File   
  6340. Close
  6341.    
  6342. C:\Program Files\7-Zip\how_recover+sia.html
  6343.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6344.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6345.     328     9372
  6346. File   
  6347. Created
  6348.    
  6349. C:\Program Files\Common Files\DESIGNER\how_recover+sia.txt
  6350.     328      
  6351. File   
  6352. Close
  6353.    
  6354. C:\Program Files\Common Files\DESIGNER\how_recover+sia.txt
  6355.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6356.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6357.     328     2639
  6358. File   
  6359. Created
  6360.    
  6361. C:\Program Files\Common Files\DESIGNER\how_recover+sia.html
  6362.     328      
  6363. File   
  6364. Close
  6365.    
  6366. C:\Program Files\Common Files\DESIGNER\how_recover+sia.html
  6367.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6368.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6369.     328     9372
  6370. File   
  6371. Created
  6372.    
  6373. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.txt
  6374.     328      
  6375. File   
  6376. Close
  6377.    
  6378. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.txt
  6379.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6380.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6381.     328     2639
  6382. File   
  6383. Created
  6384.    
  6385. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.html
  6386.     328      
  6387. File   
  6388. Close
  6389.    
  6390. C:\Program Files\Common Files\Microsoft Shared\DW\how_recover+sia.html
  6391.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6392.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6393.     328     9372
  6394. File   
  6395. Created
  6396.    
  6397. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.txt
  6398.     328      
  6399. File   
  6400. Close
  6401.    
  6402. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.txt
  6403.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6404.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6405.     328     2639
  6406. File   
  6407. Created
  6408.    
  6409. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.html
  6410.     328      
  6411. File   
  6412. Close
  6413.    
  6414. C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\how_recover+sia.html
  6415.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6416.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6417.     328     9372
  6418. File   
  6419. Created
  6420.    
  6421. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.txt
  6422.     328      
  6423. File   
  6424. Close
  6425.    
  6426. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.txt
  6427.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6428.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6429.     328     2639
  6430. File   
  6431. Created
  6432.    
  6433. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.html
  6434.     328      
  6435. File   
  6436. Close
  6437.    
  6438. C:\Program Files\Common Files\Microsoft Shared\EQUATION\how_recover+sia.html
  6439.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6440.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6441.     328     9372
  6442. File   
  6443. Created
  6444.    
  6445. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.txt
  6446.     328      
  6447. File   
  6448. Close
  6449.    
  6450. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.txt
  6451.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6452.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6453.     328     2639
  6454. File   
  6455. Created
  6456.    
  6457. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.html
  6458.     328      
  6459. File   
  6460. Close
  6461.    
  6462. C:\Program Files\Common Files\Microsoft Shared\EURO\how_recover+sia.html
  6463.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6464.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6465.     328     9372
  6466. File   
  6467. Created
  6468.    
  6469. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.txt
  6470.     328      
  6471. File   
  6472. Close
  6473.    
  6474. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.txt
  6475.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6476.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6477.     328     2639
  6478. File   
  6479. Created
  6480.    
  6481. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.html
  6482.     328      
  6483. File   
  6484. Close
  6485.    
  6486. C:\Program Files\Common Files\Microsoft Shared\Filters\how_recover+sia.html
  6487.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6488.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6489.     328     9372
  6490. File   
  6491. Open
  6492.    
  6493. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
  6494.     328     15067
  6495. File   
  6496. Close
  6497.    
  6498. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
  6499.  MD5:  d3007c3e7b0e5b30dfc1295e449f440f
  6500.  SHA1: a1022e7b674ab0d235791f4910f4c368b673288e
  6501.     328     15486
  6502. File   
  6503. Rename
  6504.    
  6505. Old Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS
  6506. New Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.vvv
  6507.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6508.  MD5:  d3007c3e7b0e5b30dfc1295e449f440f
  6509.  SHA1: a1022e7b674ab0d235791f4910f4c368b673288e
  6510.     328     15486
  6511. File   
  6512. Open
  6513.    
  6514. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
  6515.     328     1061
  6516. File   
  6517. Close
  6518.    
  6519. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
  6520.  MD5:  fb07fd36bd0824911a539ecc66364d04
  6521.  SHA1: 90f55ec08f6b654ce022e46c9c01ed85797f43a4
  6522.     328     1486
  6523. File   
  6524. Rename
  6525.    
  6526. Old Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG
  6527. New Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.vvv
  6528.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6529.  MD5:  fb07fd36bd0824911a539ecc66364d04
  6530.  SHA1: 90f55ec08f6b654ce022e46c9c01ed85797f43a4
  6531.     328     1486
  6532. File   
  6533. Open
  6534.    
  6535. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
  6536.     328     1682
  6537. File   
  6538. Close
  6539.    
  6540. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
  6541.  MD5:  91c663e38812ffe892bc660c83e69597
  6542.  SHA1: 26fa5da4c53031a1c61d6a3029a38b1f15f6e556
  6543.     328     2110
  6544. File   
  6545. Rename
  6546.    
  6547. Old Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG
  6548. New Name:   C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.vvv
  6549.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6550.  MD5:  91c663e38812ffe892bc660c83e69597
  6551.  SHA1: 26fa5da4c53031a1c61d6a3029a38b1f15f6e556
  6552.     328     2110
  6553. File   
  6554. Created
  6555.    
  6556. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.txt
  6557.     328      
  6558. File   
  6559. Close
  6560.    
  6561. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.txt
  6562.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6563.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6564.     328     2639
  6565. File   
  6566. Created
  6567.    
  6568. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.html
  6569.     328      
  6570. File   
  6571. Close
  6572.    
  6573. C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\how_recover+sia.html
  6574.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6575.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6576.     328     9372
  6577. File   
  6578. Created
  6579.    
  6580. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.txt
  6581.     328      
  6582. File   
  6583. Close
  6584.    
  6585. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.txt
  6586.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6587.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6588.     328     2639
  6589. File   
  6590. Created
  6591.    
  6592. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.html
  6593.     328      
  6594. File   
  6595. Close
  6596.    
  6597. C:\Program Files\Common Files\Microsoft Shared\Help\how_recover+sia.html
  6598.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6599.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6600.     328     9372
  6601. File   
  6602. Created
  6603.    
  6604. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.txt
  6605.     328      
  6606. File   
  6607. Close
  6608.    
  6609. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.txt
  6610.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6611.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6612.     328     2639
  6613. File   
  6614. Created
  6615.    
  6616. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.html
  6617.     328      
  6618. File   
  6619. Close
  6620.    
  6621. C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\how_recover+sia.html
  6622.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6623.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6624.     328     9372
  6625. File   
  6626. Created
  6627.    
  6628. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.txt
  6629.     328      
  6630. File   
  6631. Close
  6632.    
  6633. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.txt
  6634.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6635.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6636.     328     2639
  6637. File   
  6638. Created
  6639.    
  6640. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.html
  6641.     328      
  6642. File   
  6643. Close
  6644.    
  6645. C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\how_recover+sia.html
  6646.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6647.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6648.     328     9372
  6649. File   
  6650. Created
  6651.    
  6652. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.txt
  6653.     328      
  6654. File   
  6655. Close
  6656.    
  6657. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.txt
  6658.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6659.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6660.     328     2639
  6661. File   
  6662. Created
  6663.    
  6664. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.html
  6665.     328      
  6666. File   
  6667. Close
  6668.    
  6669. C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\how_recover+sia.html
  6670.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6671.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6672.     328     9372
  6673. File   
  6674. Created
  6675.    
  6676. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.txt
  6677.     328      
  6678. File   
  6679. Close
  6680.    
  6681. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.txt
  6682.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6683.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6684.     328     2639
  6685. File   
  6686. Created
  6687.    
  6688. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.html
  6689.     328      
  6690. File   
  6691. Close
  6692.    
  6693. C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\how_recover+sia.html
  6694.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6695.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6696.     328     9372
  6697. File   
  6698. Created
  6699.    
  6700. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.txt
  6701.     328      
  6702. File   
  6703. Close
  6704.    
  6705. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.txt
  6706.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6707.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6708.     328     2639
  6709. File   
  6710. Created
  6711.    
  6712. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.html
  6713.     328      
  6714. File   
  6715. Close
  6716.    
  6717. C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\how_recover+sia.html
  6718.  MD5:  cc8771cf3419bf0f5d9086c5e24dbba0
  6719.  SHA1: 597094f82fc2949d527748bf1385e60405437d1d
  6720.     328     9372
  6721. File   
  6722. Created
  6723.    
  6724. C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\how_recover+sia.txt
  6725.     328      
  6726. File   
  6727. Close
  6728.    
  6729. C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\how_recover+sia.txt
  6730.  MD5:  dfd795e9766d0000c6b098809bd6eb64
  6731.  SHA1: 27a30f8981fe9229c0b20a1b4e2818fe5516673e
  6732.     328     2639
  6733. 1014 Repeated items skipped
  6734. API Call   
  6735.    
  6736.  API Name:  Sleep   Address:  0x0041f00b
  6737.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  6738.     328      
  6739. File   
  6740. Rename
  6741.    
  6742. Old Name:   C:\Program Files\Java\jre1.7.0_0\lib\jvm.hprof.txt
  6743. New Name:   C:\Program Files\Java\jre1.7.0_0\lib\jvm.hprof.txt.vvv
  6744.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6745.     328     4654
  6746. API Call   
  6747.    
  6748.  API Name:  Sleep   Address:  0x0041f00b
  6749.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  kernel32.dll
  6750.     328      
  6751. Malicious  Alert   
  6752. High Repeated Sleep Calls
  6753.    
  6754. Message:   High repeated sleep calls    Detail:   High repeated number of sleep calls  
  6755.              
  6756. 591 Repeated items skipped
  6757. API Call   
  6758.    
  6759.  API Name:  ShellExecuteW   Address:  0x0041f74d
  6760.  Params:  [0x0, open, C:\Users\Administrator\Desktop\Howto_RESTORE_FILES.txt, NULL, NULL, 1]
  6762.  Imagepath:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe   DLL Name:  Shell32.dll
  6763.     328      
  6764. Process
  6765. Opened
  6766.    
  6767.  
  6768. Target:   N\AB    Source:   C:\Users\Administrator\AppData\Roaming\icwyx-a.exe  
  6769.    
  6770. 2232
  6771. 328
  6772.          
  6773. Process
  6774. Started
  6775.    
  6776. C:\Windows\SysWOW64\notepad.exe
  6777.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6778.  Command Line:  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Administrator\Desktop\Howto_RESTORE_FILES.txt
  6779. MD5:  d378bffb70923139d6a4f546864aa61c
  6780.     2232    328  
  6781. Malicious  Alert   
  6782. Decoy  Activity
  6783.    
  6784. Message:   Decoy Application Started    Detail:   Decoy Application Started  
  6785.              
  6786. Malicious  Alert   
  6787. Misc  Anom
  6788.    
  6789. Message:   Suspicious Decoy Activity    Detail:   Suspicious Decoy Activity  
  6790.              
  6791. 52 Repeated items skipped
  6792. Process
  6793. Terminated
  6794.    
  6795. C:\Windows\System32\vssadmin.exe
  6796.  Parentname:  C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6797.  Command Line:  N/A
  6798.     2340    328  
  6799. Process
  6800. Terminated
  6801.    
  6802. C:\Users\Administrator\AppData\Roaming\icwyx-a.exe
  6803.  Parentname:  C:\Users\Administrator\AppData\Local\Temp\73.exe
  6804.  Command Line:  N/A
  6805.     328 2252     
  6806. Malicious  Alert   
  6807. Suspicious  Persistance  Activity
  6808.    
  6809. Message:   New file in AppData added to Run regkey    Detail:   Process drops a file in AppData then adds to Run regkey  
  6810.              
  6811. Malicious  Alert   
  6812. Misc  Anom
  6813.    
  6814. Message:   Suspicious Persistence Activity    Detail:   Suspicious Persistence Activity  
  6815.              
  6816. Malicious  Alert   
  6817. Generic  Anomalous  Activity
  6818.    
  6819. Message:   Process Opening explorer    Detail:   Process Opening Explorer  
  6820.              
  6821. Malicious  Alert   
  6822. Misc  Anom
  6823.    
  6824. Message:   Process Open with Root process deleted    Detail:   Process deleting itself  
  6825.              
  6826. Malicious  Alert   
  6827. Suspicious  Persistance  Activity
  6828.    
  6829. Message:   Startup services added for file    Detail:   Process adding itself (non-DLL) to windows startup areas for file  
  6830.              
  6831. OS Change Detail   (version: 1.1290)     | Items: 961  | OS Info: Microsoft WindowsXP 32-bit 5.1 sp3 15.0826   Top
  6832. Type    Mode/Class  Details (Path/Message/Protocol/Hostname/Qtype/ListenPort etc.)  Process ID  Parent ID   File Size
  6833. Analysis   
  6834. Malware
  6835.    
  6836.              
  6837. Application
  6838.    
  6839.              
  6840. 3 Repeated items skipped
  6841. Config  Update 
  6842.    
  6843.              
  6844. Uac
  6845. Service
  6846.    
  6847. Telephony
  6848.              
  6849. Uac
  6850. Service
  6851.    
  6852. Remote Access Connection Manager
  6853.              
  6854. Process
  6855. Started
  6856.    
  6857. C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  6858.  Parentname:  C:\WINDOWS\explorer.exe
  6859.  Command Line:  "C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe"
  6860.  MD5:  446071be407efeb4e0d7c83bb504774a
  6861.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  6862.     1240    2684    400384
  6863. File   
  6864. Failed
  6865.    
  6866. C:\DOCUME~1\admin\LOCALS~1\Temp\LPK.DLL
  6867.     1240         
  6868. File   
  6869. Failed
  6870.    
  6871. C:\DOCUME~1\admin\LOCALS~1\Temp\USP10.dll
  6872.     1240         
  6873. Regkey 
  6874. Queryvalue
  6875.    
  6876. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  6877.     1240         
  6878. File   
  6879. Failed
  6880.    
  6881. C:\DOCUME~1\admin\LOCALS~1\Temp\a.Config
  6882.     1240         
  6883. API Call   
  6884.    
  6885.   API Name:  GetSystemDirectoryA   Address:  0x77121df1
  6886.   Params:  [0x771a1290, 260]
  6887.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6888.     1240         
  6889. Process
  6890. Duplicate  Opened
  6891.    
  6892.  
  6893. Target:   C:\Documents and Settings\admin\Local Settings\Temp\73.exe    Source:   C:\Documents and Settings\admin\Local Settings\Temp\73.exe  
  6894.    
  6895. 1240
  6896. 1240
  6897. 1240
  6898. 1240
  6899.          
  6900. API Call   
  6901.    
  6902.   API Name:  GetSystemTime   Address:  0x63004857
  6903.   Params:  [0x128c3c]
  6904.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6905.     1240         
  6906. API Call   
  6907.    
  6908.   API Name:  SystemTimeToFileTime   Address:  0x63004862
  6909.   Params:  [0x128c3c, 0x630b19f8]
  6910.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6911.     1240         
  6912. Regkey 
  6913. Added
  6914.    
  6915. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  6917.     1240         
  6918. Regkey 
  6919. Added
  6920.    
  6921. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  6923.     1240         
  6924. Regkey 
  6925. Added
  6926.    
  6927. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  6929.     1240         
  6930. Regkey 
  6931. Setval
  6932.    
  6933. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"AppData" = C:\Documents and Settings\admin\Application Data
  6935.     1240         
  6936. API Call   
  6937.    
  6938.  API Name:  Sleep   Address:  0x0042232d
  6939.  Params:  [15]
  6940.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6941.     1240         
  6942. API Call   
  6943.    
  6944.  API Name:  Sleep   Address:  0x0042232d
  6945.  Params:  [15]
  6946.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6947.     1240         
  6948. 8 Repeated items skipped
  6949. File   
  6950. Failed
  6951.    
  6952. C:\DOCUME~1\admin\LOCALS~1\Temp\CLBCATQ.DLL
  6953.     1240         
  6954. File   
  6955. Failed
  6956.    
  6957. C:\DOCUME~1\admin\LOCALS~1\Temp\COMRes.dll
  6958.     1240         
  6959. API Call   
  6960.    
  6961.  API Name:  GetSystemDirectoryW   Address:  0x76fd7ee4
  6962.  Params:  [0x77043650, 261]
  6963.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6964.     1240         
  6965. Mutex  
  6966.    
  6967. \BaseNamedObjects\AMResourceMutex2
  6968.     1240         
  6969. Mutex  
  6970.    
  6971. \BaseNamedObjects\VideoRenderer
  6972.     1240         
  6973. API Call   
  6974.    
  6975.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  6976.  Params:  [0xfcf568, 261]
  6977.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6978.     1240         
  6979. API Call   
  6980.    
  6981.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  6982.  Params:  [0xfcf570, 261]
  6983.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  6984.     1240         
  6985. Mutex  
  6986.    
  6987. \BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  6988.     1240         
  6989. Mutex  
  6990.    
  6991. \BaseNamedObjects\CTF.Compart.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  6992.     1240         
  6993. Mutex  
  6994.    
  6995. \BaseNamedObjects\CTF.Asm.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  6996.     1240         
  6997. Mutex  
  6998.    
  6999. \BaseNamedObjects\CTF.Layouts.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7000.     1240         
  7001. Mutex  
  7002.    
  7003. \BaseNamedObjects\CTF.TMD.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7004.     1240         
  7005. API Call   
  7006.    
  7007.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7008.  Params:  [0xfcf4bc, 261]
  7009.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7010.     1240         
  7011. Mutex  
  7012.    
  7013. \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-1409082233-688789844-725345543-1003MUTEX.DefaultS-1-5-21-1409082233-688789844-725345543-1003
  7015.     1240         
  7016. API Call   
  7017.    
  7018.  API Name:  SetWindowsHookExA   Address:  0x7473097c
  7019.  Params:  [2, 0x747307c3, 0x74720000, 736]
  7020.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  user32.dll
  7021.     1240         
  7022. API Call   
  7023.    
  7024.  API Name:  SetWindowsHookExA   Address:  0x7473099a
  7025.  Params:  [7, 0x747304cd, 0x74720000, 736]
  7026.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  user32.dll
  7027.     1240         
  7028. API Call   
  7029.    
  7030.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7031.  Params:  [0xfcef98, 260]
  7032.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7033.     1240         
  7034. API Call   
  7035.    
  7036.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7037.  Params:  [0xfcf548, 260]
  7038.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7039.     1240         
  7040. API Call   
  7041.    
  7042.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7043.  Params:  [0xfceb8c, 261]
  7044.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7045.     1240         
  7046. API Call   
  7047.    
  7048.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7049.  Params:  [0xfcf630, 261]
  7050.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7051.     1240         
  7052. API Call   
  7053.    
  7054.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7055.  Params:  [0xfcf1b8, 260]
  7056.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7057.     1240         
  7058. File   
  7059. Failed
  7060.    
  7061. C:\DOCUME~1\admin\LOCALS~1\Temp\MSVFW32.dll
  7062.     1240         
  7063. Regkey 
  7064. Added
  7065.    
  7066. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7068.     1240         
  7069. Regkey 
  7070. Setval
  7071.    
  7072. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"CD Burning" = C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\CD Burning
  7075.     1240         
  7076. Regkey 
  7077. Added
  7078.    
  7079. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7081.     1240         
  7082. Folder 
  7083. Open
  7084.    
  7085. C:\Documents and Settings\admin\My Documents
  7086.     1240         
  7087. Regkey 
  7088. Added
  7089.    
  7090. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7092.     1240         
  7093. Regkey 
  7094. Setval
  7095.    
  7096. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Personal" = C:\Documents and Settings\admin\My Documents
  7098.     1240         
  7099. Regkey 
  7100. Added
  7101.    
  7102. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7104.     1240         
  7105. Regkey 
  7106. Added
  7107.    
  7108. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7110.     1240         
  7111. Regkey 
  7112. Setval
  7113.    
  7114. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Desktop" = C:\Documents and Settings\admin\Desktop
  7116.     1240         
  7117. Regkey 
  7118. Added
  7119.    
  7120. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7121.     1240         
  7122. Regkey 
  7123. Added
  7124.    
  7125. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7126.     1240         
  7127. Regkey 
  7128. Setval
  7129.    
  7130. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common Desktop" = C:\Documents and Settings\All Users\Desktop
  7132.     1240         
  7133. Regkey 
  7134. Added
  7135.    
  7136. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7137.     1240         
  7138. Regkey 
  7139. Setval
  7140.    
  7141. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common AppData" = C:\Documents and Settings\All Users\Application Data
  7143.     1240         
  7144. API Call   
  7145.    
  7146.   API Name:  NtAdjustPrivilegesToken   Address:  0x77ddf01a
  7147.   Params:  [SeDebugPrivilege, Enabled]
  7148.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  ntdll.dll
  7149.     1240         
  7150. API Call   
  7151.    
  7152.   API Name:  GetTokenInformation   Address:  0x0041e934
  7153.   Params:  [0x1c4, 0x19]
  7154.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  advapi32.dll
  7155.     1240         
  7156. API Call   
  7157.    
  7158.   API Name:  Sleep   Address:  0x0042232d
  7159.   Params:  [15]
  7160.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7161.     1240         
  7162. API Call   
  7163.    
  7164.   API Name:  Sleep   Address:  0x0042232d
  7165.   Params:  [15]
  7166.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7167.     1240         
  7168. 4 Repeated items skipped
  7169. File   
  7170. Failed
  7171.    
  7172. C:\Documents and Settings\admin\Application Data\73.exe
  7173.     1240         
  7174. File   
  7175. Created
  7176.    
  7177. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7178.     1240         
  7179. Malicious  Alert   
  7180. Malicious  Directory
  7181.    
  7182. Message:   Executable file created in suspicious location    Detail:   Process creating executable file in suspicious location  
  7183.              
  7184. Malicious  Alert   
  7185. Misc  Anom
  7186.    
  7187. Message:   Generic Trojan Behavior    Detail:   Generic Trojan Behavior  
  7188.              
  7189. File   
  7190. Date  Change
  7191.    
  7192. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7193.     1240        400384
  7194. File   
  7195. Close
  7196.    
  7197. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7198.   MD5:  446071be407efeb4e0d7c83bb504774a
  7199.   SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  7200.     1240        400384
  7201. File   
  7202. Failed
  7203.    
  7204. C:\Documents
  7205.     1240         
  7206. File   
  7207. Failed
  7208.    
  7209. C:\Documents.exe
  7210.     1240         
  7211. File   
  7212. Failed
  7213.    
  7214. C:\Documents and
  7215.     1240         
  7216. File   
  7217. Failed
  7218.    
  7219. C:\Documents and.exe
  7220.     1240         
  7221. File   
  7222. Failed
  7223.    
  7224. C:\Documents and Settings\admin\Application
  7225.     1240         
  7226. File   
  7227. Failed
  7228.    
  7229. C:\Documents and Settings\admin\Application.exe
  7230.     1240         
  7231. Process
  7232. Started
  7233.    
  7234. C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  7235.   Parentname:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7236.   Command Line:  "C:\Documents and Settings\admin\Application Data\ignmy-a.exe"
  7237.   MD5:  446071be407efeb4e0d7c83bb504774a
  7238.   SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  7239.     828 1240    400384
  7240. Malicious  Alert   
  7241. Process  Cloned
  7242.    
  7243. Message:   Process clones and starts itself    Detail:   Process clones and starts itself  
  7244.              
  7245. API Call   
  7246.    
  7247.   API Name:  ShellExecuteW   Address:  0x0041f88d
  7248.   Params:  [0x0, NULL, C:\WINDOWS\system32\cmd.exe, /c DEL C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe, NULL, 0]
  7249.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  Shell32.dll
  7250.     1240         
  7251. Malicious  Alert   
  7252. Generic  Anomalous  Activity
  7253.    
  7254. Message:   Hidden ShellExecute call made    Detail:   Hidden ShellExecute call made  
  7255.              
  7256. File   
  7257. Failed
  7258.    
  7259. C:\DOCUME~1\admin\LOCALS~1\Temp\netapi32.dll
  7260.     1240         
  7261. File   
  7262. Failed
  7263.    
  7264. C:\DOCUME~1\admin\LOCALS~1\Temp\SETUPAPI.dll
  7265.     1240         
  7266. File   
  7267. Failed
  7268.    
  7269. C:\Documents and Settings\admin\Application Data\LPK.DLL
  7270.     828      
  7271. File   
  7272. Failed
  7273.    
  7274. C:\Documents and Settings\admin\Application Data\USP10.dll
  7275.     828      
  7276. Regkey 
  7277. Queryvalue
  7278.    
  7279. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  7280.     1240         
  7281. Regkey 
  7282. Setval
  7283.    
  7284. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e319f02e-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  7286.     1240         
  7287. Regkey 
  7288. Setval
  7289.    
  7290. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e319f02c-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  7292.     1240         
  7293. Regkey 
  7294. Queryvalue
  7295.    
  7296. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  7297.     828      
  7298. Regkey 
  7299. Added
  7300.    
  7301. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7302.     1240         
  7303. Regkey 
  7304. Setval
  7305.    
  7306. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common Documents" = C:\Documents and Settings\All Users\Documents
  7308.     1240         
  7309. Mutex  
  7310.    
  7311. \BaseNamedObjects\ZonesCounterMutex
  7312.     1240         
  7313. Mutex  
  7314.    
  7315. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  7316.     1240         
  7317. Mutex  
  7318.    
  7319. \BaseNamedObjects\ZonesCacheCounterMutex
  7320.     1240         
  7321. Regkey 
  7322. Setval
  7323.    
  7324. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  7326.     1240         
  7327. Regkey 
  7328. Setval
  7329.    
  7330. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  7332.     1240         
  7333. Regkey 
  7334. Setval
  7335.    
  7336. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  7338.     1240         
  7339. Regkey 
  7340. Setval
  7341.    
  7342. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  7344.     1240         
  7345. Mutex  
  7346.    
  7347. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  7348.     1240         
  7349. Mutex  
  7350.    
  7351. \BaseNamedObjects\ZonesLockedCacheCounterMutex
  7352.     1240         
  7353. Regkey 
  7354. Setval
  7355.    
  7356. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  7358.     1240         
  7359. Regkey 
  7360. Setval
  7361.    
  7362. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  7364.     1240         
  7365. Regkey 
  7366. Setval
  7367.    
  7368. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  7370.     1240         
  7371. Regkey 
  7372. Setval
  7373.    
  7374. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  7376.     1240         
  7377. Regkey 
  7378. Added
  7379.    
  7380. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7382.     1240         
  7383. Regkey 
  7384. Setval
  7385.    
  7386. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cache" = C:\Documents and Settings\admin\Local Settings\Temporary Internet Files
  7389.     1240         
  7390. Regkey 
  7391. Added
  7392.    
  7393. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7395.     1240         
  7396. Folder 
  7397. Open
  7398.    
  7399. C:\Documents and Settings\admin\Cookies
  7400.     1240         
  7401. Regkey 
  7402. Added
  7403.    
  7404. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7406.     1240         
  7407. Regkey 
  7408. Setval
  7409.    
  7410. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cookies" = C:\Documents and Settings\admin\Cookies
  7412.     1240         
  7413. File   
  7414. Failed
  7415.    
  7416. C:\DOCUME~1\admin\LOCALS~1\Temp\a.Config
  7417.     828      
  7418. API Call   
  7419.    
  7420.  API Name:  GetSystemDirectoryA   Address:  0x77121df1
  7421.  Params:  [0x771a1290, 260]
  7422.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7423.     828      
  7424. Process
  7425. Duplicate  Opened
  7426.    
  7427.  
  7428. Target:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  7429.    
  7430. 828
  7431. 828
  7432. 828
  7433. 828
  7434.          
  7435. API Call   
  7436.    
  7437.  API Name:  GetSystemTime   Address:  0x63004857
  7438.  Params:  [0x128c3c]
  7439.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7440.     828      
  7441. API Call   
  7442.    
  7443.  API Name:  SystemTimeToFileTime   Address:  0x63004862
  7444.  Params:  [0x128c3c, 0x630b19f8]
  7445.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7446.     828      
  7447. Regkey 
  7448. Added
  7449.    
  7450. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  7452.     828      
  7453. Regkey 
  7454. Added
  7455.    
  7456. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7458.     828      
  7459. Regkey 
  7460. Added
  7461.    
  7462. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7464.     828      
  7465. Regkey 
  7466. Setval
  7467.    
  7468. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"AppData" = C:\Documents and Settings\admin\Application Data
  7470.     828      
  7471. API Call   
  7472.    
  7473.   API Name:  Sleep   Address:  0x0042232d
  7474.   Params:  [15]
  7475.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7476.     828      
  7477. API Call   
  7478.    
  7479.   API Name:  Sleep   Address:  0x0042232d
  7480.   Params:  [15]
  7481.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7482.     828      
  7483. Process
  7484. Started
  7485.    
  7486. C:\WINDOWS\system32\cmd.exe
  7487.   Parentname:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7488.   Command Line:  "C:\WINDOWS\system32\cmd.exe" /c DEL C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe
  7489.   MD5:  6d778e0f95447e6546553eeea709d03c
  7490.   SHA1: 811a005cf787c6ccbe0d9f1c36c1d49a9cb71fd1
  7491.     1268    1240    389120
  7492. API Call   
  7493.    
  7494.   API Name:  GetSystemDirectoryW   Address:  0x755dd323
  7495.   Params:  [0x12fab4, 261]
  7496.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7497.     1240         
  7498. API Call   
  7499.    
  7500.   API Name:  GetSystemDirectoryW   Address:  0x755dd323
  7501.   Params:  [0x12fab4, 261]
  7502.   Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe   DLL Name:  kernel32.dll
  7503.     1240         
  7504. Mutex  
  7505.    
  7506. \BaseNamedObjects\VideoRenderer
  7507.     1240         
  7508. API Call   
  7509.    
  7510.   API Name:  Sleep   Address:  0x0042232d
  7511.   Params:  [15]
  7512.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7513.     828      
  7514. API Call   
  7515.    
  7516.   API Name:  Sleep   Address:  0x0042232d
  7517.   Params:  [15]
  7518.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7519.     828      
  7520. 3 Repeated items skipped
  7521. Mutex  
  7522.    
  7523. \BaseNamedObjects\SHIMLIB_LOG_MUTEX
  7524.     1268         
  7525. API Call   
  7526.    
  7527.   API Name:  Sleep   Address:  0x0042232d
  7528.   Params:  [15]
  7529.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7530.     828      
  7531. Regkey 
  7532. Added
  7533.    
  7534. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio
  7535.     1268         
  7536. Regkey 
  7537. Added
  7538.    
  7539. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Compression Manager\
  7541.     1268         
  7542. API Call   
  7543.    
  7544.   API Name:  Sleep   Address:  0x0042232d
  7545.   Params:  [15]
  7546.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7547.     828      
  7548. Regkey 
  7549. Added
  7550.    
  7551. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM
  7553.     1268         
  7554. Regkey 
  7555. Added
  7556.    
  7557. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Compression Manager\
  7559.     1268         
  7560. Regkey 
  7561. Added
  7562.    
  7563. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00
  7565.     1268         
  7566. API Call   
  7567.    
  7568.   API Name:  Sleep   Address:  0x0042232d
  7569.   Params:  [15]
  7570.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7571.     828      
  7572. Process
  7573. Terminated
  7574.    
  7575. C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7576.   Parentname:  C:\WINDOWS\explorer.exe
  7577.   Command Line:  N/A
  7578.     1240    2684     
  7579. File   
  7580. Failed
  7581.    
  7582. C:\Documents and Settings\admin\Application Data\CLBCATQ.DLL
  7583.     828      
  7584. File   
  7585. Failed
  7586.    
  7587. C:\Documents and Settings\admin\Application Data\COMRes.dll
  7588.     828      
  7589. API Call   
  7590.    
  7591.   API Name:  GetSystemDirectoryW   Address:  0x76fd7ee4
  7592.   Params:  [0x77043650, 261]
  7593.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7594.     828      
  7595. Mutex  
  7596.    
  7597. \BaseNamedObjects\AMResourceMutex2
  7598.     828      
  7599. Mutex  
  7600.    
  7601. \BaseNamedObjects\VideoRenderer
  7602.     828      
  7603. Regkey 
  7604. Queryvalue
  7605.    
  7606. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  7607.     1268         
  7608. API Call   
  7609.    
  7610.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7611.  Params:  [0xfcf568, 261]
  7612.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7613.     828      
  7614. API Call   
  7615.    
  7616.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7617.  Params:  [0xfcf570, 261]
  7618.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7619.     828      
  7620. Mutex  
  7621.    
  7622. \BaseNamedObjects\CTF.LBES.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7623.     828      
  7624. Mutex  
  7625.    
  7626. \BaseNamedObjects\CTF.Compart.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7627.     828      
  7628. Mutex  
  7629.    
  7630. \BaseNamedObjects\CTF.Asm.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7631.     828      
  7632. Mutex  
  7633.    
  7634. \BaseNamedObjects\CTF.Layouts.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7635.     828      
  7636. Mutex  
  7637.    
  7638. \BaseNamedObjects\CTF.TMD.MutexDefaultS-1-5-21-1409082233-688789844-725345543-1003
  7639.     828      
  7640. API Call   
  7641.    
  7642.  API Name:  GetSystemDirectoryA   Address:  0x74723c7f
  7643.  Params:  [0xfcf4bc, 261]
  7644.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7645.     828      
  7646. Mutex  
  7647.    
  7648. \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-1409082233-688789844-725345543-1003MUTEX.DefaultS-1-5-21-1409082233-688789844-725345543-1003
  7650.     828      
  7651. API Call   
  7652.    
  7653.  API Name:  SetWindowsHookExA   Address:  0x7473097c
  7654.  Params:  [2, 0x747307c3, 0x74720000, 856]
  7655.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  7656.     828      
  7657. API Call   
  7658.    
  7659.  API Name:  SetWindowsHookExA   Address:  0x7473099a
  7660.  Params:  [7, 0x747304cd, 0x74720000, 856]
  7661.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  7662.     828      
  7663. API Call   
  7664.    
  7665.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7666.  Params:  [0xfcef98, 260]
  7667.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7668.     828      
  7669. API Call   
  7670.    
  7671.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7672.  Params:  [0xfcf548, 260]
  7673.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7674.     828      
  7675. API Call   
  7676.    
  7677.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7678.  Params:  [0xfceb8c, 261]
  7679.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7680.     828      
  7681. API Call   
  7682.    
  7683.  API Name:  GetSystemDirectoryA   Address:  0x755dd289
  7684.  Params:  [0xfcf630, 261]
  7685.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7686.     828      
  7687. API Call   
  7688.    
  7689.  API Name:  GetSystemDirectoryW   Address:  0x763982be
  7690.  Params:  [0xfcf1b8, 260]
  7691.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7692.     828      
  7693. File   
  7694. Failed
  7695.    
  7696. C:\Documents and Settings\admin\Application Data\MSVFW32.dll
  7697.     828      
  7698. File   
  7699. Delete
  7700.    
  7701. C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  7702.  MD5:  446071be407efeb4e0d7c83bb504774a
  7703.  SHA1: ef06d2b504ce08b2d6570ca4b4f923a1ad428f7a
  7704.     1268        400384
  7705. Malicious  Alert   
  7706. Self  Delete
  7707.    
  7708. Message:   Self deletion using batch file    Detail:   Process deleting itself using a batch file  
  7709.              
  7710. Malicious  Alert   
  7711. Self  Delete
  7712.    
  7713. Message:   Root process deleted    Detail:   Process deleting itself  
  7714.              
  7715. Process
  7716. Terminated
  7717.    
  7718. C:\WINDOWS\system32\cmd.exe
  7719.  Parentname:  C:\DOCUME~1\admin\LOCALS~1\Temp\73.exe
  7720.  Command Line:  N/A
  7721.     1268    1240     
  7722. Regkey 
  7723. Added
  7724.    
  7725. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7727.     828      
  7728. Regkey 
  7729. Setval
  7730.    
  7731. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"CD Burning" = C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\CD Burning
  7734.     828      
  7735. Regkey 
  7736. Added
  7737.    
  7738. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7740.     828      
  7741. Folder 
  7742. Open
  7743.    
  7744. C:\Documents and Settings\admin\My Documents
  7745.     828      
  7746. Regkey 
  7747. Added
  7748.    
  7749. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7751.     828      
  7752. Regkey 
  7753. Setval
  7754.    
  7755. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Personal" = C:\Documents and Settings\admin\My Documents
  7757.     828      
  7758. Regkey 
  7759. Added
  7760.    
  7761. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7763.     828      
  7764. Regkey 
  7765. Added
  7766.    
  7767. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7769.     828      
  7770. Regkey 
  7771. Setval
  7772.    
  7773. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Desktop" = C:\Documents and Settings\admin\Desktop
  7775.     828      
  7776. Regkey 
  7777. Added
  7778.    
  7779. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7780.     828      
  7781. Regkey 
  7782. Added
  7783.    
  7784. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  7785.     828      
  7786. Regkey 
  7787. Setval
  7788.    
  7789. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common Desktop" = C:\Documents and Settings\All Users\Desktop
  7791.     828      
  7792. Regkey 
  7793. Added
  7794.    
  7795. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  7796.     828      
  7797. Regkey 
  7798. Setval
  7799.    
  7800. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Common AppData" = C:\Documents and Settings\All Users\Application Data
  7802.     828      
  7803. API Call   
  7804.    
  7805.   API Name:  NtAdjustPrivilegesToken   Address:  0x77ddf01a
  7806.   Params:  [SeDebugPrivilege, Enabled]
  7807.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  ntdll.dll
  7808.     828      
  7809. API Call   
  7810.    
  7811.   API Name:  GetTokenInformation   Address:  0x0041e934
  7812.   Params:  [0x1c4, 0x19]
  7813.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  7814.     828      
  7815. API Call   
  7816.    
  7817.   API Name:  Sleep   Address:  0x0042232d
  7818.   Params:  [15]
  7819.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7820.     828      
  7821. API Call   
  7822.    
  7823.   API Name:  Sleep   Address:  0x0042232d
  7824.   Params:  [15]
  7825.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  7826.     828      
  7827. 4 Repeated items skipped
  7828. Mutex  
  7829.    
  7830. \BaseNamedObjects\78456214324124
  7831.     828      
  7832. File   
  7833. Failed
  7834.    
  7835. C:\Documents and Settings\admin\Application Data\bcdedit.exe
  7836.     828      
  7837. File   
  7838. Failed
  7839.    
  7840. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe
  7841.     828      
  7842. File   
  7843. Failed
  7844.    
  7845. C:\WINDOWS\system32\bcdedit.exe
  7846.     828      
  7847. File   
  7848. Failed
  7849.    
  7850. C:\WINDOWS\system\bcdedit.exe
  7851.     828      
  7852. File   
  7853. Failed
  7854.    
  7855. C:\WINDOWS\bcdedit.exe
  7856.     828      
  7857. File   
  7858. Failed
  7859.    
  7860. C:\WINDOWS\system32\wbem\bcdedit.exe
  7861.     828      
  7862. File   
  7863. Failed
  7864.    
  7865. C:\Program Files\QuickTime\QTSystem\bcdedit.exe
  7866.     828      
  7867. File   
  7868. Failed
  7869.    
  7870. C:\WINDOWS\system32\WindowsPowerShell\v1.0\bcdedit.exe
  7871.     828      
  7872. File   
  7873. Failed
  7874.    
  7875. C:\Program Files\Debugging Tools for Windows (x86)\bcdedit.exe
  7876.     828      
  7877. File   
  7878. Failed
  7879.    
  7880. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET.EXE
  7881.     828      
  7882. File   
  7883. Failed
  7884.    
  7885. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set.exe
  7886.     828      
  7887. File   
  7888. Failed
  7889.    
  7890. C:\WINDOWS\system32\BCDEDIT.EXE \SET.EXE
  7891.     828      
  7892. File   
  7893. Failed
  7894.    
  7895. C:\WINDOWS\system\BCDEDIT.EXE \SET.EXE
  7896.     828      
  7897. File   
  7898. Failed
  7899.    
  7900. C:\WINDOWS\BCDEDIT.EXE \SET.EXE
  7901.     828      
  7902. File   
  7903. Failed
  7904.    
  7905. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET.EXE
  7906.     828      
  7907. File   
  7908. Failed
  7909.    
  7910. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET.EXE
  7911.     828      
  7912. File   
  7913. Failed
  7914.    
  7915. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET.EXE
  7916.     828      
  7917. File   
  7918. Failed
  7919.    
  7920. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET.EXE
  7921.     828      
  7922. File   
  7923. Failed
  7924.    
  7925. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT}.EXE
  7926.     828      
  7927. File   
  7928. Failed
  7929.    
  7930. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current}.exe
  7931.     828      
  7932. File   
  7933. Failed
  7934.    
  7935. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT}.EXE
  7936.     828      
  7937. File   
  7938. Failed
  7939.    
  7940. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT}.EXE
  7941.     828      
  7942. File   
  7943. Failed
  7944.    
  7945. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT}.EXE
  7946.     828      
  7947. File   
  7948. Failed
  7949.    
  7950. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT}.EXE
  7951.     828      
  7952. File   
  7953. Failed
  7954.    
  7955. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT}.EXE
  7956.     828      
  7957. File   
  7958. Failed
  7959.    
  7960. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT}.EXE
  7961.     828      
  7962. File   
  7963. Failed
  7964.    
  7965. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT}.EXE
  7966.     828      
  7967. File   
  7968. Failed
  7969.    
  7970. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7971.     828      
  7972. File   
  7973. Failed
  7974.    
  7975. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootems.exe
  7976.     828      
  7977. File   
  7978. Failed
  7979.    
  7980. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7981.     828      
  7982. File   
  7983. Failed
  7984.    
  7985. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7986.     828      
  7987. File   
  7988. Failed
  7989.    
  7990. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7991.     828      
  7992. File   
  7993. Failed
  7994.    
  7995. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  7996.     828      
  7997. File   
  7998. Failed
  7999.    
  8000. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  8001.     828      
  8002. File   
  8003. Failed
  8004.    
  8005. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  8006.     828      
  8007. File   
  8008. Failed
  8009.    
  8010. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTEMS.EXE
  8011.     828      
  8012. File   
  8013. Failed
  8014.    
  8015. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8016.     828      
  8017. File   
  8018. Failed
  8019.    
  8020. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootems off.exe
  8021.     828      
  8022. File   
  8023. Failed
  8024.    
  8025. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8026.     828      
  8027. File   
  8028. Failed
  8029.    
  8030. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8031.     828      
  8032. File   
  8033. Failed
  8034.    
  8035. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8036.     828      
  8037. File   
  8038. Failed
  8039.    
  8040. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8041.     828      
  8042. File   
  8043. Failed
  8044.    
  8045. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8046.     828      
  8047. File   
  8048. Failed
  8049.    
  8050. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8051.     828      
  8052. File   
  8053. Failed
  8054.    
  8055. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTEMS OFF.EXE
  8056.     828      
  8057. API Call   
  8058.    
  8059.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8060.   Params:  [NULL, bcdedit.exe /set {current} bootems off, 32, NULL]
  8061.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8062.     828      
  8063. API Call   
  8064.    
  8065.   API Name:  Sleep   Address:  0x0041df48
  8066.   Params:  [1000]
  8067.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8068.     828      
  8069. File   
  8070. Failed
  8071.    
  8072. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8073.     828      
  8074. File   
  8075. Failed
  8076.    
  8077. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} advancedoptions.exe
  8078.     828      
  8079. File   
  8080. Failed
  8081.    
  8082. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8083.     828      
  8084. File   
  8085. Failed
  8086.    
  8087. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8088.     828      
  8089. File   
  8090. Failed
  8091.    
  8092. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8093.     828      
  8094. File   
  8095. Failed
  8096.    
  8097. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8098.     828      
  8099. File   
  8100. Failed
  8101.    
  8102. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8103.     828      
  8104. File   
  8105. Failed
  8106.    
  8107. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8108.     828      
  8109. File   
  8110. Failed
  8111.    
  8112. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS.EXE
  8113.     828      
  8114. File   
  8115. Failed
  8116.    
  8117. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8118.     828      
  8119. File   
  8120. Failed
  8121.    
  8122. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} advancedoptions off.exe
  8123.     828      
  8124. File   
  8125. Failed
  8126.    
  8127. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8128.     828      
  8129. File   
  8130. Failed
  8131.    
  8132. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8133.     828      
  8134. File   
  8135. Failed
  8136.    
  8137. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8138.     828      
  8139. File   
  8140. Failed
  8141.    
  8142. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8143.     828      
  8144. File   
  8145. Failed
  8146.    
  8147. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8148.     828      
  8149. File   
  8150. Failed
  8151.    
  8152. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8153.     828      
  8154. File   
  8155. Failed
  8156.    
  8157. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} ADVANCEDOPTIONS OFF.EXE
  8159.     828      
  8160. API Call   
  8161.    
  8162.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8163.   Params:  [NULL, bcdedit.exe /set {current} advancedoptions off, 32, NULL]
  8164.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8165.     828      
  8166. API Call   
  8167.    
  8168.   API Name:  Sleep   Address:  0x0041df48
  8169.   Params:  [1000]
  8170.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8171.     828      
  8172. File   
  8173. Failed
  8174.    
  8175. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8176.     828      
  8177. File   
  8178. Failed
  8179.    
  8180. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} optionsedit.exe
  8181.     828      
  8182. File   
  8183. Failed
  8184.    
  8185. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8186.     828      
  8187. File   
  8188. Failed
  8189.    
  8190. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8191.     828      
  8192. File   
  8193. Failed
  8194.    
  8195. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8196.     828      
  8197. File   
  8198. Failed
  8199.    
  8200. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8201.     828      
  8202. File   
  8203. Failed
  8204.    
  8205. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8206.     828      
  8207. File   
  8208. Failed
  8209.    
  8210. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8211.     828      
  8212. File   
  8213. Failed
  8214.    
  8215. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT.EXE
  8216.     828      
  8217. File   
  8218. Failed
  8219.    
  8220. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8221.     828      
  8222. File   
  8223. Failed
  8224.    
  8225. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} optionsedit off.exe
  8226.     828      
  8227. File   
  8228. Failed
  8229.    
  8230. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8231.     828      
  8232. File   
  8233. Failed
  8234.    
  8235. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8236.     828      
  8237. File   
  8238. Failed
  8239.    
  8240. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8241.     828      
  8242. File   
  8243. Failed
  8244.    
  8245. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8246.     828      
  8247. File   
  8248. Failed
  8249.    
  8250. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8251.     828      
  8252. File   
  8253. Failed
  8254.    
  8255. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8256.     828      
  8257. File   
  8258. Failed
  8259.    
  8260. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} OPTIONSEDIT OFF.EXE
  8261.     828      
  8262. API Call   
  8263.    
  8264.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8265.   Params:  [NULL, bcdedit.exe /set {current} optionsedit off, 32, NULL]
  8266.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8267.     828      
  8268. API Call   
  8269.    
  8270.   API Name:  Sleep   Address:  0x0041df48
  8271.   Params:  [1000]
  8272.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8273.     828      
  8274. API Call   
  8275.    
  8276.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8277.   Params:  [NULL, bcdedit.exe /set {current} bootstatuspolicy IgnoreAllFailures, 32, NULL]
  8279.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8280.     828      
  8281. File   
  8282. Failed
  8283.    
  8284. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8285.     828      
  8286. File   
  8287. Failed
  8288.    
  8289. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootstatuspolicy.exe
  8290.     828      
  8291. File   
  8292. Failed
  8293.    
  8294. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8295.     828      
  8296. File   
  8297. Failed
  8298.    
  8299. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8300.     828      
  8301. File   
  8302. Failed
  8303.    
  8304. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8305.     828      
  8306. File   
  8307. Failed
  8308.    
  8309. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8310.     828      
  8311. API Call   
  8312.    
  8313.   API Name:  Sleep   Address:  0x0041df48
  8314.   Params:  [1000]
  8315.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8316.     828      
  8317. File   
  8318. Failed
  8319.    
  8320. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8321.     828      
  8322. File   
  8323. Failed
  8324.    
  8325. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8326.     828      
  8327. File   
  8328. Failed
  8329.    
  8330. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY.EXE
  8331.     828      
  8332. File   
  8333. Failed
  8334.    
  8335. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8337.     828      
  8338. File   
  8339. Failed
  8340.    
  8341. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} bootstatuspolicy IgnoreAllFailures.exe
  8342.     828      
  8343. File   
  8344. Failed
  8345.    
  8346. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8347.     828      
  8348. File   
  8349. Failed
  8350.    
  8351. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8352.     828      
  8353. File   
  8354. Failed
  8355.    
  8356. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8357.     828      
  8358. File   
  8359. Failed
  8360.    
  8361. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8362.     828      
  8363. File   
  8364. Failed
  8365.    
  8366. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8368.     828      
  8369. File   
  8370. Failed
  8371.    
  8372. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8374.     828      
  8375. File   
  8376. Failed
  8377.    
  8378. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} BOOTSTATUSPOLICY IGNOREALLFAILURES.EXE
  8380.     828      
  8381. File   
  8382. Failed
  8383.    
  8384. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8385.     828      
  8386. File   
  8387. Failed
  8388.    
  8389. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} recoveryenabled.exe
  8390.     828      
  8391. File   
  8392. Failed
  8393.    
  8394. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8395.     828      
  8396. File   
  8397. Failed
  8398.    
  8399. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8400.     828      
  8401. File   
  8402. Failed
  8403.    
  8404. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8405.     828      
  8406. File   
  8407. Failed
  8408.    
  8409. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8410.     828      
  8411. File   
  8412. Failed
  8413.    
  8414. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8415.     828      
  8416. File   
  8417. Failed
  8418.    
  8419. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8420.     828      
  8421. File   
  8422. Failed
  8423.    
  8424. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED.EXE
  8425.     828      
  8426. File   
  8427. Failed
  8428.    
  8429. C:\Documents and Settings\admin\Application Data\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8430.     828      
  8431. File   
  8432. Failed
  8433.    
  8434. C:\DOCUME~1\admin\LOCALS~1\Temp\bcdedit.exe \set {current} recoveryenabled off.exe
  8435.     828      
  8436. File   
  8437. Failed
  8438.    
  8439. C:\WINDOWS\system32\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8440.     828      
  8441. File   
  8442. Failed
  8443.    
  8444. C:\WINDOWS\system\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8445.     828      
  8446. File   
  8447. Failed
  8448.    
  8449. C:\WINDOWS\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8450.     828      
  8451. File   
  8452. Failed
  8453.    
  8454. C:\WINDOWS\system32\wbem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8455.     828      
  8456. File   
  8457. Failed
  8458.    
  8459. C:\Program Files\QuickTime\QTSystem\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8460.     828      
  8461. File   
  8462. Failed
  8463.    
  8464. C:\WINDOWS\system32\WindowsPowerShell\v1.0\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8465.     828      
  8466. File   
  8467. Failed
  8468.    
  8469. C:\Program Files\Debugging Tools for Windows (x86)\BCDEDIT.EXE \SET {CURRENT} RECOVERYENABLED OFF.EXE
  8471.     828      
  8472. API Call   
  8473.    
  8474.   API Name:  ProcessCreate_Failure   Address:  0x7c81d627
  8475.   Params:  [NULL, bcdedit.exe /set {current} recoveryenabled off, 32, NULL]
  8476.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  dummy.dll
  8477.     828      
  8478. API Call   
  8479.    
  8480.   API Name:  Sleep   Address:  0x0041df48
  8481.   Params:  [1000]
  8482.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8483.     828      
  8484. Regkey 
  8485. Added
  8486.    
  8487. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\zsys\
  8488.     828      
  8489. File   
  8490. Failed
  8491.    
  8492. C:\Documents and Settings\admin\Application Data\NETAPI32.DLL
  8493.     828      
  8494. API Call   
  8495.    
  8496.   API Name:  CryptAcquireContextW   Address:  0x0041baf8
  8497.   Params:  [NULL, NULL, 1, 4026531840]
  8498.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8499.     828      
  8500. File   
  8501. Failed
  8502.    
  8503. C:\Documents and Settings\admin\Application Data\rsaenh.dll
  8504.     828      
  8505. File   
  8506. Failed
  8507.    
  8508. C:\DOCUME~1\admin\LOCALS~1\Temp\rsaenh.dll
  8509.     828      
  8510. File   
  8511. Failed
  8512.    
  8513. C:\Documents and Settings\admin\Application Data\crypt32.dll
  8514.     828      
  8515. API Call   
  8516.    
  8517.   API Name:  CryptAcquireContextW   Address:  0x0041bb4c
  8518.   Params:  [NULL, Intel Hardware Cryptographic Service Provider, 22, 0]
  8519.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8520.     828      
  8521. API Call   
  8522.    
  8523.   API Name:  Process32First   Address:  0x0041bda4
  8524.   Params:  [0x1d4, 0x12d488]
  8525.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8526.     828      
  8527. Malicious  Alert   
  8528. Generic  Anomalous  Activity
  8529.    
  8530. Message:   Enumerating running processes    Detail:   Process is enumerating running processes  
  8531.              
  8532. Regkey 
  8533. Setval
  8534.    
  8535. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\zsys\"ID" = 93 dc 43 d8 a6 62 c9 f2
  8537.     828      
  8538. Regkey 
  8539. Added
  8540.    
  8541. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\93DC43D8A662C9F2
  8542.     828      
  8543. Regkey 
  8544. Setval
  8545.    
  8546. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\93DC43D8A662C9F2\"data" = [binary value omitted]
  8558.     828      
  8559. Regkey 
  8560. Added
  8561.    
  8562. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  8563.     828      
  8564. Regkey 
  8565. Setval
  8566.    
  8567. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLinkedConnections" = 0x00000001
  8569.     828      
  8570. Malicious  Alert   
  8571. Misc  Anom
  8572.    
  8573. Message:   Process deleting itself    Detail:   Process deleting itself in any manor  
  8574.              
  8575. Regkey 
  8576. Added
  8577.    
  8578. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run
  8580.     828      
  8581. Regkey 
  8582. Setval
  8583.    
  8584. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\"Acronis" = C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  8586.     828      
  8587. Malicious  Alert   
  8588. Suspicious  Persistance  Activity
  8589.    
  8590. Message:   Startup services added for file in suspicious folder    Detail:   Process adding itself (non-DLL) to windows startup areas for file in suspicious folder  
  8591.              
  8592. Malicious  Alert   
  8593. Misc  Anom
  8594.    
  8595. Message:   Suspicious Persistence Activity    Detail:   Suspicious Persistence Activity  
  8596.              
  8597. API Call   
  8598.    
  8599.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8600.   Params:  [NULL, NULL, 1, 4026531840]
  8601.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8602.     828      
  8603. API Call   
  8604.    
  8605.   API Name:  SetWindowsHookExA   Address:  0x7473097c
  8606.   Params:  [2, 0x747307c3, 0x74720000, 1248]
  8607.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  8608.     828      
  8609. API Call   
  8610.    
  8611.   API Name:  SetWindowsHookExA   Address:  0x7473099a
  8612.   Params:  [7, 0x747304cd, 0x74720000, 1248]
  8613.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  user32.dll
  8614.     828      
  8615. File   
  8616. Failed
  8617.    
  8618. C:\DOCUME~1\admin\LOCALS~1\Temp\vssadmin.exe
  8619.     828      
  8620. Regkey 
  8621. Added
  8622.    
  8623. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer
  8625.     828      
  8626. Regkey 
  8627. Added
  8628.    
  8629. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\00000000000096c5
  8631.     828      
  8632. API Call   
  8633.    
  8634.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8635.   Params:  [NULL, NULL, 1, 4026531840]
  8636.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8637.     828      
  8638. API Call   
  8639.    
  8640.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8641.   Params:  [NULL, NULL, 1, 4026531840]
  8642.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8643.     828      
  8644. 15 Repeated items skipped
  8645. Regkey 
  8646. Added
  8647.    
  8648. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  8649.     828      
  8650. Regkey 
  8651. Added
  8652.    
  8653. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  8655.     828      
  8656. Regkey 
  8657. Added
  8658.    
  8659. \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  8660.     828      
  8661. Regkey 
  8662. Added
  8663.    
  8664. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  8666.     828      
  8667. API Call   
  8668.    
  8669.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8670.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8671.     828      
  8672. API Call   
  8673.    
  8674.   API Name:  CryptAcquireContextA   Address:  0x00412c1f
  8675.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  advapi32.dll
  8676.     828      
  8677. 9 Repeated items skipped
  8678. File   
  8679. Created
  8680.    
  8681. C:\Documents and Settings\admin\My Documents\recover_file_mlybivbbx.txt
  8682.     828      
  8683. File   
  8684. Close
  8685.    
  8686. C:\Documents and Settings\admin\My Documents\recover_file_mlybivbbx.txt
  8687.   MD5:  68762e4c1ea6cb0f69be439806dddb61
  8688.   SHA1: 226922713f62c2df0d0dc38705e51479861ae10a
  8689.     828     254
  8690. Process
  8691. Opened
  8692.    
  8693.  
  8694. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8695.    
  8696. 4
  8697. 828
  8698.          
  8699. Process
  8700. Opened
  8701.    
  8702.  
  8703. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8704.    
  8705. 316
  8706. 828
  8707.          
  8708. Process
  8709. Opened
  8710.    
  8711.  
  8712. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8713.    
  8714. 420
  8715. 828
  8716.          
  8717. Process
  8718. Opened
  8719.    
  8720.  
  8721. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8722.    
  8723. 444
  8724. 828
  8725.          
  8726. API Call   
  8727.    
  8728.   API Name:  Sleep   Address:  0x0041f00b
  8729.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8730.     828      
  8731. API Call   
  8732.    
  8733.   API Name:  GetSystemDirectoryW   Address:  0x77f78688
  8734.   Params:  [0x113e938, 260]
  8735.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  8736.     828      
  8737. Process
  8738. Opened
  8739.    
  8740.  
  8741. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8742.    
  8743. 552
  8744. 828
  8745.          
  8746. Process
  8747. Opened
  8748.    
  8749.  
  8750. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8751.    
  8752. 564
  8753. 828
  8754.          
  8755. Process
  8756. Opened
  8757.    
  8758.  
  8759. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8760.    
  8761. 716
  8762. 828
  8763.          
  8764. Process
  8765. Opened
  8766.    
  8767.  
  8768. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8769.    
  8770. 776
  8771. 828
  8772.          
  8773. Process
  8774. Opened
  8775.    
  8776.  
  8777. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8778.    
  8779. 840
  8780. 828
  8781.          
  8782. Process
  8783. Opened
  8784.    
  8785.  
  8786. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8787.    
  8788. 892
  8789. 828
  8790.          
  8791. Process
  8792. Opened
  8793.    
  8794.  
  8795. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8796.    
  8797. 1164
  8798. 828
  8799.          
  8800. Process
  8801. Opened
  8802.    
  8803.  
  8804. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8805.    
  8806. 1800
  8807. 828
  8808.          
  8809. Process
  8810. Opened
  8811.    
  8812.  
  8813. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8814.    
  8815. 1864
  8816. 828
  8817.          
  8818. Process
  8819. Opened
  8820.    
  8821.  
  8822. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8823.    
  8824. 1900
  8825. 828
  8826.          
  8827. Process
  8828. Opened
  8829.    
  8830.  
  8831. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8832.    
  8833. 1924
  8834. 828
  8835.          
  8836. Process
  8837. Opened
  8838.    
  8839.  
  8840. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8841.    
  8842. 2684
  8843. 828
  8844.          
  8845. Process
  8846. Opened
  8847.    
  8848.  
  8849. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8850.    
  8851. 2768
  8852. 828
  8853.          
  8854. Process
  8855. Opened
  8856.    
  8857.  
  8858. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8859.    
  8860. 3048
  8861. 828
  8862.          
  8863. Process
  8864. Opened
  8865.    
  8866.  
  8867. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8868.    
  8869. 3132
  8870. 828
  8871.          
  8872. Process
  8873. Opened
  8874.    
  8875.  
  8876. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8877.    
  8878. 3184
  8879. 828
  8880.          
  8881. Process
  8882. Opened
  8883.    
  8884.  
  8885. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8886.    
  8887. 908
  8888. 828
  8889.          
  8890. Regkey 
  8891. Added
  8892.    
  8893. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  8895.     828      
  8896. Regkey 
  8897. Setval
  8898.    
  8899. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cache" = C:\Documents and Settings\admin\Local Settings\Temporary Internet Files
  8902.     828      
  8903. Mutex  
  8904.    
  8905. \BaseNamedObjects\ZonesCounterMutex
  8906.     828      
  8907. Mutex  
  8908.    
  8909. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  8910.     828      
  8911. Mutex  
  8912.    
  8913. \BaseNamedObjects\ZonesCacheCounterMutex
  8914.     828      
  8915. Regkey 
  8916. Setval
  8917.    
  8918. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  8920.     828      
  8921. Regkey 
  8922. Setval
  8923.    
  8924. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  8926.     828      
  8927. Regkey 
  8928. Setval
  8929.    
  8930. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  8932.     828      
  8933. Regkey 
  8934. Setval
  8935.    
  8936. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  8938.     828      
  8939. Mutex  
  8940.    
  8941. \BaseNamedObjects\ZoneAttributeCacheCounterMutex
  8942.     828      
  8943. Mutex  
  8944.    
  8945. \BaseNamedObjects\ZonesLockedCacheCounterMutex
  8946.     828      
  8947. Regkey 
  8948. Setval
  8949.    
  8950. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass" = 0x00000001
  8952.     828      
  8953. Regkey 
  8954. Setval
  8955.    
  8956. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName" = 0x00000001
  8958.     828      
  8959. Regkey 
  8960. Setval
  8961.    
  8962. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000001
  8964.     828      
  8965. Regkey 
  8966. Setval
  8967.    
  8968. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
  8970.     828      
  8971. Folder 
  8972. Hide
  8973.    
  8974. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files
  8975.     828      
  8976. Folder 
  8977. Open
  8978.    
  8979. C:\Documents and Settings\admin\Cookies
  8980.     828      
  8981. Regkey 
  8982. Added
  8983.    
  8984. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  8986.     828      
  8987. Regkey 
  8988. Setval
  8989.    
  8990. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Cookies" = C:\Documents and Settings\admin\Cookies
  8992.     828      
  8993. Process
  8994. Opened
  8995.    
  8996.  
  8997. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  8998.    
  8999. 4
  9000. 828
  9001.          
  9002. Process
  9003. Opened
  9004.    
  9005.  
  9006. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9007.    
  9008. 316
  9009. 828
  9010.          
  9011. Process
  9012. Opened
  9013.    
  9014.  
  9015. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9016.    
  9017. 420
  9018. 828
  9019.          
  9020. Process
  9021. Opened
  9022.    
  9023.  
  9024. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9025.    
  9026. 444
  9027. 828
  9028.          
  9029. Process
  9030. Opened
  9031.    
  9032.  
  9033. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9034.    
  9035. 552
  9036. 828
  9037.          
  9038. Process
  9039. Opened
  9040.    
  9041.  
  9042. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9043.    
  9044. 564
  9045. 828
  9046.          
  9047. Process
  9048. Opened
  9049.    
  9050.  
  9051. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9052.    
  9053. 716
  9054. 828
  9055.          
  9056. Process
  9057. Opened
  9058.    
  9059.  
  9060. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9061.    
  9062. 776
  9063. 828
  9064.          
  9065. Process
  9066. Opened
  9067.    
  9068.  
  9069. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9070.    
  9071. 840
  9072. 828
  9073.          
  9074. Process
  9075. Opened
  9076.    
  9077.  
  9078. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9079.    
  9080. 892
  9081. 828
  9082.          
  9083. Process
  9084. Opened
  9085.    
  9086.  
  9087. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9088.    
  9089. 1164
  9090. 828
  9091.          
  9092. Process
  9093. Opened
  9094.    
  9095.  
  9096. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9097.    
  9098. 1800
  9099. 828
  9100.          
  9101. Process
  9102. Opened
  9103.    
  9104.  
  9105. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9106.    
  9107. 1864
  9108. 828
  9109.          
  9110. Process
  9111. Opened
  9112.    
  9113.  
  9114. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9115.    
  9116. 1900
  9117. 828
  9118.          
  9119. Process
  9120. Opened
  9121.    
  9122.  
  9123. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9124.    
  9125. 1924
  9126. 828
  9127.          
  9128. Process
  9129. Opened
  9130.    
  9131.  
  9132. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9133.    
  9134. 2684
  9135. 828
  9136.          
  9137. Process
  9138. Opened
  9139.    
  9140.  
  9141. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9142.    
  9143. 2768
  9144. 828
  9145.          
  9146. Process
  9147. Opened
  9148.    
  9149.  
  9150. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9151.    
  9152. 3048
  9153. 828
  9154.          
  9155. Process
  9156. Opened
  9157.    
  9158.  
  9159. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9160.    
  9161. 3132
  9162. 828
  9163.          
  9164. Process
  9165. Opened
  9166.    
  9167.  
  9168. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9169.    
  9170. 3184
  9171. 828
  9172.          
  9173. Process
  9174. Opened
  9175.    
  9176.  
  9177. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9178.    
  9179. 908
  9180. 828
  9181.          
  9182. Folder 
  9183. Hide
  9184.    
  9185. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5
  9186.     828      
  9187. File   
  9188. Failed
  9189.    
  9190. C:\Documents and Settings\admin\Application Data\SETUPAPI.dll
  9191.     828      
  9192. API Call   
  9193.    
  9194.   API Name:  GetSystemDirectoryW   Address:  0x77927324
  9195.   Params:  [0x113dde8, 260]
  9196.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9197.     828      
  9198. API Call   
  9199.    
  9200.   API Name:  GetComputerNameExW   Address:  0x77927048
  9201.   Params:  [0, 0x113de1c, 0x113de18]
  9202.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9203.     828      
  9204. Regkey 
  9205. Queryvalue
  9206.    
  9207. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  9208.     828      
  9209. API Call   
  9210.    
  9211.  API Name:  GetComputerNameExW   Address:  0x779270ab
  9212.  Params:  [3, 0x113de1c, 0x113de18]
  9213.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9214.     828      
  9215. Regkey 
  9216. Added
  9217.    
  9218. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9219.   n\Explorer\Shell Folders
  9220.     828      
  9221. Regkey 
  9222. Setval
  9223.    
  9224. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersio
  9225.   n\Explorer\Shell Folders\"History" = C:\Documents and Settings\admin\Local Settings\History
  9226.     828      
  9227. API Call   
  9228.    
  9229.   API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x7ca3f17e
  9230.   Params:  [NULL, \\?\Volume{e319f02c-31a9-11e1-9a3f-806d6172696f}\]
  9231.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9232.     828      
  9233. API Call   
  9234.    
  9235.   API Name:  GetVolumeNameForVolumeMountPointW   Address:  0x7ca3f17e
  9236.   Params:  [NULL, \\?\Volume{e319f02e-31a9-11e1-9a3f-806d6172696f}\]
  9237.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9238.     828      
  9239. Regkey 
  9240. Setval
  9241.    
  9242. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e319f02e-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  9244.     828      
  9245. Regkey 
  9246. Setval
  9247.    
  9248. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e319f02c-31a9-11e1-9a3f-806d6172696f}\"BaseClass" = Drive
  9250.     828      
  9251. Folder 
  9252. Hide
  9253.    
  9254. C:\Documents and Settings\admin\Local Settings\History
  9255.     828      
  9256. Process
  9257. Opened
  9258.    
  9259.  
  9260. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9261.    
  9262. 4
  9263. 828
  9264.          
  9265. Process
  9266. Opened
  9267.    
  9268.  
  9269. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9270.    
  9271. 316
  9272. 828
  9273.          
  9274. Process
  9275. Opened
  9276.    
  9277.  
  9278. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9279.    
  9280. 420
  9281. 828
  9282.          
  9283. Process
  9284. Opened
  9285.    
  9286.  
  9287. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9288.    
  9289. 444
  9290. 828
  9291.          
  9292. Process
  9293. Opened
  9294.    
  9295.  
  9296. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9297.    
  9298. 552
  9299. 828
  9300.          
  9301. Process
  9302. Opened
  9303.    
  9304.  
  9305. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9306.    
  9307. 564
  9308. 828
  9309.          
  9310. Process
  9311. Opened
  9312.    
  9313.  
  9314. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9315.    
  9316. 716
  9317. 828
  9318.          
  9319. Process
  9320. Opened
  9321.    
  9322.  
  9323. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9324.    
  9325. 776
  9326. 828
  9327.          
  9328. Process
  9329. Opened
  9330.    
  9331.  
  9332. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9333.    
  9334. 840
  9335. 828
  9336.          
  9337. Process
  9338. Opened
  9339.    
  9340.  
  9341. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9342.    
  9343. 892
  9344. 828
  9345.          
  9346. Process
  9347. Opened
  9348.    
  9349.  
  9350. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9351.    
  9352. 1164
  9353. 828
  9354.          
  9355. Process
  9356. Opened
  9357.    
  9358.  
  9359. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9360.    
  9361. 1800
  9362. 828
  9363.          
  9364. Process
  9365. Opened
  9366.    
  9367.  
  9368. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9369.    
  9370. 1864
  9371. 828
  9372.          
  9373. Process
  9374. Opened
  9375.    
  9376.  
  9377. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9378.    
  9379. 1900
  9380. 828
  9381.          
  9382. Process
  9383. Opened
  9384.    
  9385.  
  9386. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9387.    
  9388. 1924
  9389. 828
  9390.          
  9391. Process
  9392. Opened
  9393.    
  9394.  
  9395. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9396.    
  9397. 2684
  9398. 828
  9399.          
  9400. Process
  9401. Opened
  9402.    
  9403.  
  9404. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9405.    
  9406. 2768
  9407. 828
  9408.          
  9409. Process
  9410. Opened
  9411.    
  9412.  
  9413. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9414.    
  9415. 3048
  9416. 828
  9417.          
  9418. Process
  9419. Opened
  9420.    
  9421.  
  9422. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9423.    
  9424. 3132
  9425. 828
  9426.          
  9427. Process
  9428. Opened
  9429.    
  9430.  
  9431. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9432.    
  9433. 3184
  9434. 828
  9435.          
  9436. Process
  9437. Opened
  9438.    
  9439.  
  9440. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9441.    
  9442. 908
  9443. 828
  9444.          
  9445. Folder 
  9446. Hide
  9447.    
  9448. C:\Documents and Settings\admin\Local Settings\History\History.IE5
  9449.     828      
  9450. File   
  9451. Open
  9452.    
  9453. C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  9454.     828     65536
  9455. Process
  9456. Opened
  9457.    
  9458.  
  9459. Target:   System    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9460.    
  9461. 4
  9462. 828
  9463.          
  9464. Process
  9465. Opened
  9466.    
  9467.  
  9468. Target:   C:\WINDOWS\system32\smss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9469.    
  9470. 316
  9471. 828
  9472.          
  9473. Process
  9474. Opened
  9475.    
  9476.  
  9477. Target:   C:\WINDOWS\system32\csrss.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9478.    
  9479. 420
  9480. 828
  9481.          
  9482. Process
  9483. Opened
  9484.    
  9485.  
  9486. Target:   C:\WINDOWS\system32\winlogon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9487.    
  9488. 444
  9489. 828
  9490.          
  9491. Process
  9492. Opened
  9493.    
  9494.  
  9495. Target:   C:\WINDOWS\system32\services.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9496.    
  9497. 552
  9498. 828
  9499.          
  9500. Process
  9501. Opened
  9502.    
  9503.  
  9504. Target:   C:\WINDOWS\system32\lsass.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9505.    
  9506. 564
  9507. 828
  9508.          
  9509. Process
  9510. Opened
  9511.    
  9512.  
  9513. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9514.    
  9515. 716
  9516. 828
  9517.          
  9518. Process
  9519. Opened
  9520.    
  9521.  
  9522. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9523.    
  9524. 776
  9525. 828
  9526.          
  9527. Process
  9528. Opened
  9529.    
  9530.  
  9531. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9532.    
  9533. 840
  9534. 828
  9535.          
  9536. Process
  9537. Opened
  9538.    
  9539.  
  9540. Target:   C:\WINDOWS\system32\svchost.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9541.    
  9542. 892
  9543. 828
  9544.          
  9545. Process
  9546. Opened
  9547.    
  9548.  
  9549. Target:   C:\WINDOWS\system32\spoolsv.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9550.    
  9551. 1164
  9552. 828
  9553.          
  9554. Process
  9555. Opened
  9556.    
  9557.  
  9558. Target:   C:\WINDOWS\system32\alg.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9559.    
  9560. 1800
  9561. 828
  9562.          
  9563. Process
  9564. Opened
  9565.    
  9566.  
  9567. Target:   C:\WINDOWS\system32\wscntfy.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9568.    
  9569. 1864
  9570. 828
  9571.          
  9572. Process
  9573. Opened
  9574.    
  9575.  
  9576. Target:   C:\Program Files\Messenger\msmsgs.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9577.    
  9578. 1900
  9579. 828
  9580.          
  9581. Process
  9582. Opened
  9583.    
  9584.  
  9585. Target:   C:\WINDOWS\system32\ctfmon.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9586.    
  9587. 1924
  9588. 828
  9589.          
  9590. Process
  9591. Opened
  9592.    
  9593.  
  9594. Target:   C:\WINDOWS\explorer.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9595.    
  9596. 2684
  9597. 828
  9598.          
  9599. Process
  9600. Opened
  9601.    
  9602.  
  9603. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9604.    
  9605. 2768
  9606. 828
  9607.          
  9608. Process
  9609. Opened
  9610.    
  9611.  
  9612. Target:   C:\Program Files\Internet Explorer\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9613.    
  9614. 3048
  9615. 828
  9616.          
  9617. Process
  9618. Opened
  9619.    
  9620.  
  9621. Target:   C:\Program Files\Internet Explorer7\iexplore.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9622.    
  9623. 3132
  9624. 828
  9625.          
  9626. Process
  9627. Opened
  9628.    
  9629.  
  9630. Target:   C:\Program Files\Internet Explorer6\IEXPLORE.EXE    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9631.    
  9632. 3184
  9633. 828
  9634.          
  9635. Process
  9636. Opened
  9637.    
  9638.  
  9639. Target:   C:\WINDOWS\system32\wbem\wmiprvse.exe    Source:   C:\Documents and Settings\admin\Application Data\ignmy-a.exe  
  9640.    
  9641. 908
  9642. 828
  9643.          
  9644. Folder 
  9645. Hide
  9646.    
  9647. C:\Documents and Settings\admin\Cookies
  9648.     828      
  9649. File   
  9650. Open
  9651.    
  9652. C:\Documents and Settings\admin\Cookies\index.dat
  9653.     828     32768
  9654. File   
  9655. Open
  9656.    
  9657. C:\Documents and Settings\admin\Local Settings\History\History.IE5\index.dat
  9658.     828     32768
  9659. File   
  9660. Failed
  9661.    
  9662. C:\Documents and Settings\admin\Application Data\ws2_32.dll
  9663.     828      
  9664. File   
  9665. Failed
  9666.    
  9667. C:\Documents and Settings\admin\Application Data\WS2HELP.dll
  9668.     828      
  9669. Regkey 
  9670. Setval
  9671.    
  9672. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\"C:\WINDOWS\system32\vssadmin.exe" = Command Line Interface for Microsoft. Volume Shadow Copy Service
  9675.     828      
  9676. File   
  9677. Failed
  9678.    
  9679. C:\Documents and Settings\admin\Application Data\RASAPI32.dll
  9680.     828      
  9681. File   
  9682. Failed
  9683.    
  9684. C:\Documents and Settings\admin\Application Data\rasman.dll
  9685.     828      
  9686. File   
  9687. Failed
  9688.    
  9689. C:\Documents and Settings\admin\Application Data\TAPI32.dll
  9690.     828      
  9691. File   
  9692. Failed
  9693.    
  9694. C:\Documents and Settings\admin\Application Data\rtutils.dll
  9695.     828      
  9696. Regkey 
  9697. Added
  9698.    
  9699. \REGISTRY\MACHINE\Software\Microsoft\Tracing
  9700.     828      
  9701. API Call   
  9702.    
  9703.  API Name:  GetComputerNameW   Address:  0x76e96391
  9704.  Params:  [0x235fe50, 0x235fe48]
  9705.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9706.     828      
  9707. Regkey 
  9708. Queryvalue
  9709.    
  9710. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  9711.     828      
  9712. API Call   
  9713.    
  9714.   API Name:  GetSystemDirectoryW   Address:  0x76ee27c6
  9715.   Params:  [0x1f1da04, 261]
  9716.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9717.     828      
  9718. Regkey 
  9719. Added
  9720.    
  9721. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  9723.     828      
  9724. API Call   
  9725.    
  9726.   API Name:  GetComputerNameW   Address:  0x769c6a9e
  9727.   Params:  [0x1b4640, 0x1f1d474]
  9728.   Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9729.     828      
  9730. File   
  9731. Failed
  9732.    
  9733. C:\Documents and Settings\admin\Application Data\msapsspc.dll
  9734.     828      
  9735. File   
  9736. Failed
  9737.    
  9738. C:\DOCUME~1\admin\LOCALS~1\Temp\msapsspc.dll
  9739.     828      
  9740. Regkey 
  9741. Queryvalue
  9742.    
  9743. \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
  9744.     828      
  9745. Regkey 
  9746. Added
  9747.    
  9748. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  9750.     828      
  9751. File   
  9752. Failed
  9753.    
  9754. C:\Documents and Settings\admin\Application Data\schannel.dll
  9755.     828      
  9756. File   
  9757. Failed
  9758.    
  9759. C:\DOCUME~1\admin\LOCALS~1\Temp\schannel.dll
  9760.     828      
  9761. File   
  9762. Failed
  9763.    
  9764. C:\Documents and Settings\admin\Application Data\digest.dll
  9765.     828      
  9766. File   
  9767. Failed
  9768.    
  9769. C:\DOCUME~1\admin\LOCALS~1\Temp\digest.dll
  9770.     828      
  9771. File   
  9772. Failed
  9773.    
  9774. C:\Documents and Settings\admin\Application Data\msnsspc.dll
  9775.     828      
  9776. File   
  9777. Failed
  9778.    
  9779. C:\DOCUME~1\admin\LOCALS~1\Temp\msnsspc.dll
  9780.     828      
  9781. Regkey 
  9782. Added
  9783.    
  9784. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  9786.     828      
  9787. Regkey 
  9788. Setval
  9789.    
  9790. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"AppData" = C:\Documents and Settings\admin\Application Data
  9792.     828      
  9793. File   
  9794. Failed
  9795.    
  9796. C:\Documents and Settings\admin\Application Data\Microsoft\NETWORK\CONNECTIONS\PBK
  9797.     828      
  9798. File   
  9799. Failed
  9800.    
  9801. C:\Documents and Settings\admin\Application Data\iphlpapi.dll
  9802.     828      
  9803. File   
  9804. Find
  9805.    
  9806. C:\*
  9807.     828      
  9808. File   
  9809. Failed
  9810.    
  9811. C:\Documents and Settings\admin\Application Data\sensapi.dll
  9812.     828      
  9813. Regkey 
  9814. Added
  9815.    
  9816. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  9818.     828      
  9819. 2 Repeated items skipped
  9820. Regkey 
  9821. Added
  9822.    
  9823. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
  9825.     828      
  9826. Regkey 
  9827. Setval
  9828.    
  9829. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyEnable" = 0x00000000
  9831.     828      
  9832. Regkey 
  9833. Setval
  9834.    
  9835. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyServer" = 10.0.0.2:8080
  9837.     828      
  9838. Regkey 
  9839. Deleteval
  9840.    
  9841. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyOverride"
  9843.     828      
  9844. Regkey 
  9845. Deleteval
  9846.    
  9847. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"AutoConfigURL"
  9849.     828      
  9850. Regkey 
  9851. Added
  9852.    
  9853. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  9855.     828      
  9856. 2 Repeated items skipped
  9857. Regkey 
  9858. Setval
  9859.    
  9860. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"SavedLegacySettings" = 46 00 00 00 1d 00 00 00 01 00 00 00 0d 00 00 00 31 30 2e 30 2e 30 2e 32 3a 38 30 38 30 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 c0 7e dd d3 73 dc cc 01 01 00 00 00 0a 00 02 0f 00 00 00 00 00 00 00 00 00 00 00 00
  9864.     828      
  9865. API Call   
  9866.    
  9867.  API Name:  Sleep   Address:  0x0041f00b
  9868.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9869.     828      
  9870. Regkey 
  9871. Added
  9872.    
  9873. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
  9875.     828      
  9876. File   
  9877. Failed
  9878.    
  9879. C:\Documents and Settings\admin\Application Data\rasadhlp.dll
  9880.     828      
  9881. Regkey 
  9882. Added
  9883.    
  9884. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  9886.     828      
  9887. Regkey 
  9888. Added
  9889.    
  9890. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
  9892.     828      
  9893. Regkey 
  9894. Setval
  9895.    
  9896. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyEnable" = 0x00000000
  9898.     828      
  9899. Regkey 
  9900. Setval
  9901.    
  9902. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyServer" = 10.0.0.2:8080
  9904.     828      
  9905. Regkey 
  9906. Deleteval
  9907.    
  9908. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyOverride"
  9910.     828      
  9911. Regkey 
  9912. Deleteval
  9913.    
  9914. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"AutoConfigURL"
  9916.     828      
  9917. Regkey 
  9918. Added
  9919.    
  9920. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  9922.     828      
  9923. 2 Repeated items skipped
  9924. Regkey 
  9925. Setval
  9926.    
  9927. \REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"SavedLegacySettings" = 46 00 00 00 1e 00 00 00 01 00 00 00 0d 00 00 00 31 30 2e 30 2e 30 2e 32 3a 38 30 38 30 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 c0 7e dd d3 73 dc cc 01 01 00 00 00 0a 00 02 0f 00 00 00 00 00 00 00 00 00 00 00 00
  9931.     828      
  9932. Process
  9933. Started
  9934.    
  9935. C:\WINDOWS\system32\vssadmin.exe
  9936.   Parentname:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9937.   Command Line:  "C:\WINDOWS\system32\vssadmin.exe"\"ComputerName"
  9938.     1352         
  9939. Network
  9940. Dns  Query  Answer
  9941.    
  9942.  Protocol  Type:  udp   IP Address:  199.16.199.6   Hostname:  woodenden.com
  9943.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9944.     828      
  9945. API Call   
  9946.    
  9947.  API Name:  GetSystemTime   Address:  0x63004857
  9948.  Params:  [0x1f1e148]
  9949.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9950.     828      
  9951. API Call   
  9952.    
  9953.  API Name:  SystemTimeToFileTime   Address:  0x63004862
  9954.  Params:  [0x1f1e148, 0x1f1e17c]
  9955.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9956.     828      
  9957. API Call   
  9958.    
  9959.  API Name:  GetSystemDirectoryA   Address:  0x76f28a9e
  9960.  Params:  [0x1f1c208, 260]
  9961.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  9962.     828      
  9963. Network
  9964. Http  Request
  9965.    
  9966.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.6
  9967.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9968.     828      
  9969. Network
  9970. Dns  Query
  9971.    
  9972.  Protocol  Type:  udp   Qtype:  Host Address   Hostname:  leboudoirdesbrunettes.com
  9973.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9974.     828      
  9975. Network
  9976. Dns  Query  Answer
  9977.    
  9978.  Protocol  Type:  udp   IP Address:  199.16.199.7   Hostname:  leboudoirdesbrunettes.com
  9979.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9980.     828      
  9981. Process
  9982. Terminated
  9983.    
  9984. C:\WINDOWS\system32\vssadmin.exe
  9985.  Parentname:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9986.  Command Line:  N/A
  9987.     1352    828  
  9988. Network
  9989. Http  Request
  9990.    
  9991.  Protocol  Type:  tcp   Destination  Port:  80   IP Address:  199.16.199.7
  9992.  Imagepath:  c:\Documents and Settings\admin\Application Data\ignmy-a.exe
  9993.     828      
  9994. Ransom 
  9995.    
  9996. C:\437mkrQZcep1\aimtSf.txt
  9997. MD5:  4d8ae4cfa1959034def1a7b1172bc2c6
  9998.              
  9999. Malicious  Alert   
  10000. Ransomware
  10001.    
  10002. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  10003.              
  10004. Malicious  Alert   
  10005. Misc  Anom
  10006.    
  10007. Message:   Ransomware Activity    Detail:   Ransomware Activity  
  10008.              
  10009. Ransom 
  10010.    
  10011. C:\437mkrQZcep1\hFJrzldGEg.jpg
  10012. MD5:  4e4b1a9f927eccff628b530d163abff3
  10013.              
  10014. Ransom 
  10015.    
  10016. C:\437mkrQZcep1\LMhaa.xls
  10017. MD5:  80a3050f59fdf86c8799a450fb2259f1
  10018.              
  10019. Ransom 
  10020.    
  10021. C:\437mkrQZcep1\MgVpgAw.png
  10022. MD5:  6a9d07d0d215d8f2bca5d17730cc171c
  10023.              
  10024. Ransom 
  10025.    
  10026. C:\437mkrQZcep1\niapTyWw.doc
  10027. MD5:  68ef5047b50cb918de6b0c5d49120d14
  10028.              
  10029. Ransom 
  10030.    
  10031. C:\437mkrQZcep1\QYVP-.ppt
  10032. MD5:  cb794d01ce6abf437c0281b5c919c210
  10033.              
  10034. Ransom 
  10035.    
  10036. C:\a56VrfDAirK2\aZtoVT.ppt
  10037. MD5:  eccf91abf2b875e694917709601840bf
  10038.              
  10039. Ransom 
  10040.    
  10041. C:\a56VrfDAirK2\MNQnQ.xls
  10042. MD5:  977495f83b1cf06c8563ff789645232a
  10043.              
  10044. Ransom 
  10045.    
  10046. C:\a56VrfDAirK2\prPKnbyNJ.jpg
  10047. MD5:  ad5fb195268d429c34e4769f59754674
  10048.              
  10049. Ransom 
  10050.    
  10051. C:\a56VrfDAirK2\YiYsgUwK.doc
  10052. MD5:  de02e50e19b4d8a768fc0c2cea5019ae
  10053.              
  10054. File   
  10055. Find
  10056.    
  10057. C:\Documents and Settings\*
  10058.     828      
  10059. File   
  10060. Find
  10061.    
  10062. C:\Documents and Settings\*\*
  10063.     828      
  10064. File   
  10065. Find
  10066.    
  10067. C:\Documents and Settings\*\Application Data\*
  10068.     828      
  10069. File   
  10070. Open
  10071.    
  10072. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav
  10073.     828     566
  10074. File   
  10075. Close
  10076.    
  10077. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav
  10078.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10079.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10080.     828     990
  10081. File   
  10082. Rename
  10083.    
  10084. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav
  10085. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\10.0\TMGrpPrm.sav.vvv
  10086.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10087.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10088.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10089.     828     990
  10090. File   
  10091. Open
  10092.    
  10093. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav
  10094.     828     566
  10095. File   
  10096. Close
  10097.    
  10098. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav
  10099.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10100.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10101.     828     990
  10102. File   
  10103. Rename
  10104.    
  10105. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav
  10106. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\11.0\TMGrpPrm.sav.vvv
  10107.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10108.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10109.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10110.     828     990
  10111. File   
  10112. Open
  10113.    
  10114. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js
  10115.     828     10
  10116. File   
  10117. Close
  10118.    
  10119. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js
  10120.  MD5:  2cf3092e1b8c9eb71c0d59bfe5e05b79
  10121.  SHA1: 1844f46ab3fa930896d9ef403c475a38bca8bda4
  10122.     828     430
  10123. File   
  10124. Rename
  10125.    
  10126. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js
  10127. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js.vvv
  10128.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10129.  MD5:  2cf3092e1b8c9eb71c0d59bfe5e05b79
  10130.  SHA1: 1844f46ab3fa930896d9ef403c475a38bca8bda4
  10131.     828     430
  10132. File   
  10133. Open
  10134.    
  10135. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav
  10136.     828     566
  10137. File   
  10138. Close
  10139.    
  10140. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav
  10141.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10142.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10143.     828     990
  10144. File   
  10145. Rename
  10146.    
  10147. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav
  10148. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\TMGrpPrm.sav.vvv
  10149.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10150.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10151.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10152.     828     990
  10153. File   
  10154. Open
  10155.    
  10156. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
  10157.     828     774
  10158. File   
  10159. Close
  10160.    
  10161. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
  10162.  MD5:  470073e1dd1beba9d5a04b19a0318f70
  10163.  SHA1: f07f6682e9172f35c162dbfb290374b0498936a8
  10164.     828     1198
  10165. File   
  10166. Rename
  10167.    
  10168. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
  10169. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt.vvv
  10170.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10171.  MD5:  470073e1dd1beba9d5a04b19a0318f70
  10172.  SHA1: f07f6682e9172f35c162dbfb290374b0498936a8
  10173.     828     1198
  10174. File   
  10175. Open
  10176.    
  10177. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js
  10178.     828     195
  10179. File   
  10180. Close
  10181.    
  10182. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js
  10183.  MD5:  8c3fbd228ab63d44c689dc6358020dce
  10184.  SHA1: c818db14547e2f06b9ed028b04a40c2858d82961
  10185.     828     622
  10186. File   
  10187. Rename
  10188.    
  10189. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js
  10190. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js.vvv
  10191.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10192.  MD5:  8c3fbd228ab63d44c689dc6358020dce
  10193.  SHA1: c818db14547e2f06b9ed028b04a40c2858d82961
  10194.     828     622
  10195. File   
  10196. Open
  10197.    
  10198. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav
  10199.     828     566
  10200. File   
  10201. Close
  10202.    
  10203. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav
  10204.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10205.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10206.     828     990
  10207. File   
  10208. Rename
  10209.    
  10210. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav
  10211. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav.vvv
  10212.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10213.  MD5:  f4fd8bc8cf02daf4ad9301e5706cafad
  10214.  SHA1: 24ef513cdd97e97fb35b97febb6d8242f145dd11
  10215.     828     990
  10216. File   
  10217. Open
  10218.    
  10219. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav
  10220.     828     36
  10221. File   
  10222. Close
  10223.    
  10224. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav
  10225.  MD5:  53b09fb0b6570696fbda75236b5d41ed
  10226.  SHA1: 384df1890d7118c540e4237c1ead8aeaa9c73781
  10227.     828     462
  10228. File   
  10229. Rename
  10230.    
  10231. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav
  10232. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMDocs.sav.vvv
  10233.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10234.  MD5:  53b09fb0b6570696fbda75236b5d41ed
  10235.  SHA1: 384df1890d7118c540e4237c1ead8aeaa9c73781
  10236.     828     462
  10237. File   
  10238. Open
  10239.    
  10240. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav
  10241.     828     690
  10242. File   
  10243. Close
  10244.    
  10245. C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav
  10246.  MD5:  9a292a758b37b5d7271aaa19d4da6543
  10247.  SHA1: a30bf63cb92fea7f35c508548e41e1f327a3d890
  10248.     828     1118
  10249. File   
  10250. Rename
  10251.    
  10252. Old Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav
  10253. New Name:   C:\Documents and Settings\admin\Application Data\Adobe\Acrobat\9.0\TMGrpPrm.sav.vvv
  10254.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10255.  MD5:  9a292a758b37b5d7271aaa19d4da6543
  10256.  SHA1: a30bf63cb92fea7f35c508548e41e1f327a3d890
  10257.     828     1118
  10258. Folder 
  10259. Open
  10260.    
  10261. C:\Documents and Settings\admin\Application Data\Microsoft\Credentials
  10262.     828      
  10263. API Call   
  10264.    
  10265.  API Name:  Sleep   Address:  0x0041f00b
  10266.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  10267.     828      
  10268. File   
  10269. Open
  10270.    
  10271. C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt
  10272.     828     10381
  10273. File   
  10274. Close
  10275.    
  10276. C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt
  10277.  MD5:  ca776c9e3854b73cbab402558023d5f3
  10278.  SHA1: dfc42d478184a996a4ded74663bea3e72ea5903b
  10279.     828     10798
  10280. File   
  10281. Rename
  10282.    
  10283. Old Name:   C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt
  10284. New Name:   C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\brndlog.txt.vvv
  10285.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10286.  MD5:  ca776c9e3854b73cbab402558023d5f3
  10287.  SHA1: dfc42d478184a996a4ded74663bea3e72ea5903b
  10288.     828     10798
  10289. File   
  10290. Open
  10291.    
  10292. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\cookies.txt
  10294.     828     157
  10295. File   
  10296. Close
  10297.    
  10298. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\cookies.txt
  10300.  MD5:  16f880df029212dc5b83869b7b89d07a
  10301.  SHA1: 642095a1581aa5774062df3733909a9660885430
  10302.     828     574
  10303. File   
  10304. Rename
  10305.    
  10306. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\cookies.txt
  10308. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\cookies.txt.vvv
  10310.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10311.  MD5:  16f880df029212dc5b83869b7b89d07a
  10312.  SHA1: 642095a1581aa5774062df3733909a9660885430
  10313.     828     574
  10314. File   
  10315. Open
  10316.    
  10317. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js
  10319.     828     5393
  10320. File   
  10321. Close
  10322.    
  10323. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js
  10325.  MD5:  9257a339bc16bfa83d4df49c7be0d0fc
  10326.  SHA1: 16e97dc6cf49936dc9c7cb02e4c27f6b2c23405f
  10327.     828     5822
  10328. File   
  10329. Rename
  10330.    
  10331. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js
  10333. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\bootstrap.js.vvv
  10335.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10336.  MD5:  9257a339bc16bfa83d4df49c7be0d0fc
  10337.  SHA1: 16e97dc6cf49936dc9c7cb02e4c27f6b2c23405f
  10338.     828     5822
  10339. File   
  10340. Open
  10341.    
  10342. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js
  10344.     828     19915
  10345. File   
  10346. Close
  10347.    
  10348. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js
  10350.  MD5:  a60058223f1423dd3df8c95a603ee797
  10351.  SHA1: 7bbdfcad0159251015a4ac6e64806f8022a6a70e
  10352.     828     20334
  10353. File   
  10354. Rename
  10355.    
  10356. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js
  10358. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\components\harness.js.vvv
  10360.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10361.  MD5:  a60058223f1423dd3df8c95a603ee797
  10362.  SHA1: 7bbdfcad0159251015a4ac6e64806f8022a6a70e
  10363.     828     20334
  10364. File   
  10365. Open
  10366.    
  10367. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\test-page-worker.js
  10370.     828     905
  10371. File   
  10372. Close
  10373.    
  10374. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\test-page-worker.js
  10377.  MD5:  a4602a49fde11fd3680173b70e64de5d
  10378.  SHA1: 080f7b7a73a945639c6c0dadf5173444af2985a6
  10379.     828     1326
  10380. File   
  10381. Rename
  10382.    
  10383. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\test-page-worker.js
  10386. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-data\test-page-worker.js.vvv
  10389.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10390.  MD5:  a4602a49fde11fd3680173b70e64de5d
  10391.  SHA1: 080f7b7a73a945639c6c0dadf5173444af2985a6
  10392.     828     1326
  10393. File   
  10394. Open
  10395.    
  10396. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\clipboard.js
  10399.     828     7688
  10400. File   
  10401. Close
  10402.    
  10403. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\clipboard.js
  10406.  MD5:  3d725056aed161d73444282db8a55f3f
  10407.  SHA1: baf89b44292a2a13c5aa836e54a0c4793a35b926
  10408.     828     8110
  10409. File   
  10410. Rename
  10411.    
  10412. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\clipboard.js
  10415. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\clipboard.js.vvv
  10418.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10419.  MD5:  3d725056aed161d73444282db8a55f3f
  10420.  SHA1: baf89b44292a2a13c5aa836e54a0c4793a35b926
  10421.     828     8110
  10422. File   
  10423. Open
  10424.    
  10425. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\context-menu.js
  10428.     828     42249
  10429. File   
  10430. Close
  10431.    
  10432. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\context-menu.js
  10435.  MD5:  be928e30b9548c9e5a1d87a02925e6be
  10436.  SHA1: f140ce34d62923d34c7e55938f63a2788b128626
  10437.     828     42670
  10438. File   
  10439. Rename
  10440.    
  10441. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\context-menu.js
  10444. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\context-menu.js.vvv
  10447.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10448.  MD5:  be928e30b9548c9e5a1d87a02925e6be
  10449.  SHA1: f140ce34d62923d34c7e55938f63a2788b128626
  10450.     828     42670
  10451. File   
  10452. Open
  10453.    
  10454. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hotkeys.js
  10457.     828     2928
  10458. File   
  10459. Close
  10460.    
  10461. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hotkeys.js
  10464.  MD5:  40ce8c542b2ef3138bc002d552a73a67
  10465.  SHA1: 977a6ca4a75d6e551ca5a755f15341828275a140
  10466.     828     3358
  10467. File   
  10468. Rename
  10469.    
  10470. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hotkeys.js
  10473. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\hotkeys.js.vvv
  10476.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10477.  MD5:  40ce8c542b2ef3138bc002d552a73a67
  10478.  SHA1: 977a6ca4a75d6e551ca5a755f15341828275a140
  10479.     828     3358
  10480. File   
  10481. Open
  10482.    
  10483. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\notifications.js
  10486.     828     3970
  10487. API Call   
  10488.    
  10489.  API Name:  Sleep   Address:  0x0041f00b
  10490.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  10491.     828      
  10492. File   
  10493. Close
  10494.    
  10495. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\notifications.js
  10498.  MD5:  54d1adc11e80dab2b38beeade4f37c4d
  10499.  SHA1: 2e7a29618d79abd068072b2e0f97de66cd361b4d
  10500.     828     4398
  10501. File   
  10502. Rename
  10503.    
  10504. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\notifications.js
  10507. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\notifications.js.vvv
  10510.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10511.  MD5:  54d1adc11e80dab2b38beeade4f37c4d
  10512.  SHA1: 2e7a29618d79abd068072b2e0f97de66cd361b4d
  10513.     828     4398
  10514. File   
  10515. Open
  10516.    
  10517. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-mod.js
  10520.     828     8111
  10521. File   
  10522. Close
  10523.    
  10524. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-mod.js
  10527.  MD5:  6f0dae913af72442293546ac04e0bd83
  10528.  SHA1: 0f26a41be23525f31f81a5849dc923f43f63f70e
  10529.     828     8526
  10530. File   
  10531. Rename
  10532.    
  10533. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-mod.js
  10536. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-mod.js.vvv
  10539.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10540.  MD5:  6f0dae913af72442293546ac04e0bd83
  10541.  SHA1: 0f26a41be23525f31f81a5849dc923f43f63f70e
  10542.     828     8526
  10543. File   
  10544. Open
  10545.    
  10546. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-worker.js
  10549.     828     3813
  10550. File   
  10551. Close
  10552.    
  10553. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-worker.js
  10556.  MD5:  86fd898e11de6e5504aa00499c83290f
  10557.  SHA1: a1c8744a84bd85e06539732fbe3e356cdf0627d4
  10558.     828     4238
  10559. File   
  10560. Rename
  10561.    
  10562. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-worker.js
  10565. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\page-worker.js.vvv
  10568.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10569.  MD5:  86fd898e11de6e5504aa00499c83290f
  10570.  SHA1: a1c8744a84bd85e06539732fbe3e356cdf0627d4
  10571.     828     4238
  10572. File   
  10573. Open
  10574.    
  10575. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\panel.js
  10578.     828     13423
  10579. File   
  10580. Close
  10581.    
  10582. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\panel.js
  10585.  MD5:  c12619f374f5b52d7dacc5aaa68f5dee
  10586.  SHA1: b5c9f43c5f23fef9e89582936dffad4e84a60105
  10587.     828     13838
  10588. File   
  10589. Rename
  10590.    
  10591. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\panel.js
  10594. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\panel.js.vvv
  10597.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10598.  MD5:  c12619f374f5b52d7dacc5aaa68f5dee
  10599.  SHA1: b5c9f43c5f23fef9e89582936dffad4e84a60105
  10600.     828     13838
  10601. File   
  10602. Open
  10603.    
  10604. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\passwords.js
  10607.     828     3318
  10608. File   
  10609. Close
  10610.    
  10611. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\passwords.js
  10614.  MD5:  9a1bf29d9c3b93f0956e7420a8c2ce9b
  10615.  SHA1: 5c91dd5ac9097874fd8029c2a212e145ccd56531
  10616.     828     3742
  10617. File   
  10618. Rename
  10619.    
  10620. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10621.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pas
  10622.   swords.js
  10623. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10624.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pas
  10625.   swords.js.vvv
  10626.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10627.  MD5:  9a1bf29d9c3b93f0956e7420a8c2ce9b
  10628.  SHA1: 5c91dd5ac9097874fd8029c2a212e145ccd56531
  10629.     828     3742
  10630. File   
  10631. Open
  10632.    
  10633. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10634.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10635.   vate-browsing.js
  10636.     828     4101
  10637. File   
  10638. Close
  10639.    
  10640. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10641.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10642.   vate-browsing.js
  10643.  MD5:  25657a4e076a5c2d147f1039cd0fcae5
  10644.  SHA1: 9b2dfd3051fb40dc9f024bca0abd140467d88399
  10645.     828     4526
  10646. File   
  10647. Rename
  10648.    
  10649. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10650.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10651.   vate-browsing.js
  10652. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10653.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\pri
  10654.   vate-browsing.js.vvv
  10655.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10656.  MD5:  25657a4e076a5c2d147f1039cd0fcae5
  10657.  SHA1: 9b2dfd3051fb40dc9f024bca0abd140467d88399
  10658.     828     4526
  10659. File   
  10660. Open
  10661.    
  10662. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10663.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10664.   uest.js
  10665.     828     10453
  10666. File   
  10667. Close
  10668.    
  10669. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10670.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10671.   uest.js
  10672.  MD5:  fa6d141156b034c925549038cf9c5444
  10673.  SHA1: 6fe05fc7a767ee060e287744509b503de84a598f
  10674.     828     10878
  10675. File   
  10676. Rename
  10677.    
  10678. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10679.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10680.   uest.js
  10681. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10682.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\req
  10683.   uest.js.vvv
  10684.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10685.  MD5:  fa6d141156b034c925549038cf9c5444
  10686.  SHA1: 6fe05fc7a767ee060e287744509b503de84a598f
  10687.     828     10878
  10688. File   
  10689. Open
  10690.    
  10691. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10692.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10693.   ection.js
  10694.     828     12316
  10695. File   
  10696. Close
  10697.    
  10698. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10699.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10700.   ection.js
  10701.  MD5:  6b3e8801b484d6ca85223d7362fc561d
  10702.  SHA1: cf49698cd57f481686561901fbd203ebf0c7f910
  10703.     828     12734
  10704. File   
  10705. Rename
  10706.    
  10707. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10708.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10709.   ection.js
  10710. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10711.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sel
  10712.   ection.js.vvv
  10713.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10714.  MD5:  6b3e8801b484d6ca85223d7362fc561d
  10715.  SHA1: cf49698cd57f481686561901fbd203ebf0c7f910
  10716.     828     12734
  10717. File   
  10718. Open
  10719.    
  10720. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10721.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10722.   ple-storage.js
  10723.     828     8614
  10724. File   
  10725. Close
  10726.    
  10727. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10728.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10729.   ple-storage.js
  10730.  MD5:  88750ef1e4da6706bb408848d8941818
  10731.  SHA1: 379333e26b2d2d11e6e72e9512b9c54ef51cad53
  10732.     828     9038
  10733. File   
  10734. Rename
  10735.    
  10736. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10737.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10738.   ple-storage.js
  10739. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10740.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\sim
  10741.   ple-storage.js.vvv
  10742.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10743.  MD5:  88750ef1e4da6706bb408848d8941818
  10744.  SHA1: 379333e26b2d2d11e6e72e9512b9c54ef51cad53
  10745.     828     9038
  10746. File   
  10747. Open
  10748.    
  10749. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10750.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10751.   s.js
  10752.     828     2723
  10753. File   
  10754. Close
  10755.    
  10756. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10757.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10758.   s.js
  10759.  MD5:  c55ad3f89ff0a915655d3df2b5800e6e
  10760.  SHA1: 781e09e7269d50ce61e8cd17d6a3fd8662eb476f
  10761.     828     3150
  10762. File   
  10763. Rename
  10764.    
  10765. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10766.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10767.   s.js
  10768. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10769.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tab
  10770.   s.js.vvv
  10771.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10772.  MD5:  c55ad3f89ff0a915655d3df2b5800e6e
  10773.  SHA1: 781e09e7269d50ce61e8cd17d6a3fd8662eb476f
  10774.     828     3150
  10775. File   
  10776. Open
  10777.    
  10778. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10779.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10780.   ers.js
  10781.     828     1821
  10782. File   
  10783. Close
  10784.    
  10785. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10786.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10787.   ers.js
  10788.  MD5:  6259c7f7e8ad1edf7e74558b822bf4e9
  10789.  SHA1: 5e79dcd8bff3545352d43ed537c4206647691c47
  10790.     828     2238
  10791. File   
  10792. Rename
  10793.    
  10794. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10795.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10796.   ers.js
  10797. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10798.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\tim
  10799.   ers.js.vvv
  10800.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10801.  MD5:  6259c7f7e8ad1edf7e74558b822bf4e9
  10802.  SHA1: 5e79dcd8bff3545352d43ed537c4206647691c47
  10803.     828     2238
  10804. File   
  10805. Open
  10806.    
  10807. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10808.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10809.   get.js
  10810.     828     29701
  10811. File   
  10812. Close
  10813.    
  10814. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10815.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10816.   get.js
  10817.  MD5:  b789083f2b75ec03aa8cf8ea56fcdba8
  10818.  SHA1: 950e9fb56ed185d719ddd5dc196d448a0c7eb137
  10819.     828     30126
  10820. API Call   
  10821.    
  10822.  API Name:  Sleep   Address:  0x0041f00b
  10823.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  10824.     828      
  10825. File   
  10826. Rename
  10827.    
  10828. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10829.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10830.   get.js
  10831. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10832.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\wid
  10833.   get.js.vvv
  10834.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10835.  MD5:  b789083f2b75ec03aa8cf8ea56fcdba8
  10836.  SHA1: 950e9fb56ed185d719ddd5dc196d448a0c7eb137
  10837.     828     30126
  10838. File   
  10839. Open
  10840.    
  10841. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10842.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10843.   dows.js
  10844.     828     8643
  10845. File   
  10846. Close
  10847.    
  10848. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10849.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10850.   dows.js
  10851.  MD5:  4dc46c8cc9bc2772768272b8dc5035d9
  10852.  SHA1: 6e1900f4edf522477de77d94be1d3cd93c4ff861
  10853.     828     9070
  10854. File   
  10855. Rename
  10856.    
  10857. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10858.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10859.   dows.js
  10860. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10861.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-addon-kit-lib\win
  10862.   dows.js.vvv
  10863.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10864.  MD5:  4dc46c8cc9bc2772768272b8dc5035d9
  10865.  SHA1: 6e1900f4edf522477de77d94be1d3cd93c4ff861
  10866.     828     9070
  10867. File   
  10868. Open
  10869.    
  10870. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10871.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10872.   otstrap-remote-process.js
  10873.     828     6665
  10874. File   
  10875. Close
  10876.    
  10877. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10878.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10879.   otstrap-remote-process.js
  10880.  MD5:  36f6cd8b8dd4e8d79852e3d17cdbab48
  10881.  SHA1: ec2f154608bafecb2c2d85b54647d1e3607d2692
  10882.     828     7086
  10883. File   
  10884. Rename
  10885.    
  10886. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10887.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10888.   otstrap-remote-process.js
  10889. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10890.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\bo
  10891.   otstrap-remote-process.js.vvv
  10892.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10893.  MD5:  36f6cd8b8dd4e8d79852e3d17cdbab48
  10894.  SHA1: ec2f154608bafecb2c2d85b54647d1e3607d2692
  10895.     828     7086
  10896. File   
  10897. Open
  10898.    
  10899. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10900.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-data\te
  10901.   st-content-symbiont.js
  10902.     828      
  10903. File   
  10904. Open
  10905.    
  10906. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10907.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10908.   -utils.js
  10909.     828     7265
  10910. File   
  10911. Close
  10912.    
  10913. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10914.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10915.   -utils.js
  10916.  MD5:  3f42ad569af3db4fcbe3656ef042d168
  10917.  SHA1: 8f3a6b38795b97d61ff4d8cb83048f939c617203
  10918.     828     7694
  10919. File   
  10920. Rename
  10921.    
  10922. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10923.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10924.   -utils.js
  10925. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10926.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\api
  10927.   -utils.js.vvv
  10928.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10929.  MD5:  3f42ad569af3db4fcbe3656ef042d168
  10930.  SHA1: 8f3a6b38795b97d61ff4d8cb83048f939c617203
  10931.     828     7694
  10932. File   
  10933. Open
  10934.    
  10935. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10936.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10937.   -strings.js
  10938.     828     3345
  10939. File   
  10940. Close
  10941.    
  10942. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10943.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10944.   -strings.js
  10945.  MD5:  b2878bfc894b696eefe1e5e6ce39ff35
  10946.  SHA1: 04fb590f3ca812b118a3bcb9987200530c6c1b78
  10947.     828     3774
  10948. File   
  10949. Rename
  10950.    
  10951. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10952.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10953.   -strings.js
  10954. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10955.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\app
  10956.   -strings.js.vvv
  10957.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10958.  MD5:  b2878bfc894b696eefe1e5e6ce39ff35
  10959.  SHA1: 04fb590f3ca812b118a3bcb9987200530c6c1b78
  10960.     828     3774
  10961. File   
  10962. Open
  10963.    
  10964. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10965.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10966.   ay.js
  10967.     828     3428
  10968. File   
  10969. Close
  10970.    
  10971. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10972.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10973.   ay.js
  10974.  MD5:  839e3fc301229f5d530313648f479727
  10975.  SHA1: 76b48c170f7c78102d59fca06051b2c8283d188d
  10976.     828     3854
  10977. File   
  10978. Rename
  10979.    
  10980. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10981.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10982.   ay.js
  10983. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10984.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\arr
  10985.   ay.js.vvv
  10986.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  10987.  MD5:  839e3fc301229f5d530313648f479727
  10988.  SHA1: 76b48c170f7c78102d59fca06051b2c8283d188d
  10989.     828     3854
  10990. File   
  10991. Open
  10992.    
  10993. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  10994.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  10995.   e-streams.js
  10996.     828     4280
  10997. File   
  10998. Close
  10999.    
  11000. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11001.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  11002.   e-streams.js
  11003.  MD5:  eaba973e15a32a2472b243e662937243
  11004.  SHA1: 59bbd9cc0cf155cbfc7b0237fd780e6127ffa884
  11005.     828     4702
  11006. File   
  11007. Rename
  11008.    
  11009. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11010.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  11011.   e-streams.js
  11012. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11013.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\byt
  11014.   e-streams.js.vvv
  11015.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11016.  MD5:  eaba973e15a32a2472b243e662937243
  11017.  SHA1: 59bbd9cc0cf155cbfc7b0237fd780e6127ffa884
  11018.     828     4702
  11019. File   
  11020. Open
  11021.    
  11022. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11023.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11024.   lection.js
  11025.     828     4774
  11026. File   
  11027. Close
  11028.    
  11029. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11030.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11031.   lection.js
  11032.  MD5:  664e168e0d9044b38b17d17076a37485
  11033.  SHA1: 6f09717fd85dd06fc03090ad20b656222735fcab
  11034.     828     5198
  11035. File   
  11036. Rename
  11037.    
  11038. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11039.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11040.   lection.js
  11041. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11042.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\col
  11043.   lection.js.vvv
  11044.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11045.  MD5:  664e168e0d9044b38b17d17076a37485
  11046.  SHA1: 6f09717fd85dd06fc03090ad20b656222735fcab
  11047.     828     5198
  11048. File   
  11049. Open
  11050.    
  11051. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11052.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11053.   tent\content-proxy.js
  11054.     828     18559
  11055. API Call   
  11056.    
  11057.  API Name:  Sleep   Address:  0x0041f00b
  11058.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11059.     828      
  11060. File   
  11061. Close
  11062.    
  11063. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11064.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11065.   tent\content-proxy.js
  11066.  MD5:  dab34628fb40d04e2d81e1befdb8e0f1
  11067.  SHA1: bdc395916f6f76b31923ed03a40ace73a11ed353
  11068.     828     18974
  11069. File   
  11070. Rename
  11071.    
  11072. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11073.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11074.   tent\content-proxy.js
  11075. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11076.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11077.   tent\content-proxy.js.vvv
  11078.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11079.  MD5:  dab34628fb40d04e2d81e1befdb8e0f1
  11080.  SHA1: bdc395916f6f76b31923ed03a40ace73a11ed353
  11081.     828     18974
  11082. File   
  11083. Open
  11084.    
  11085. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11086.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11087.   tent\loader.js
  11088.     828     6915
  11089. File   
  11090. Close
  11091.    
  11092. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11093.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11094.   tent\loader.js
  11095.  MD5:  6c3945c8058cdd4df47f5aca47c64c2a
  11096.  SHA1: 935f4a118645fdcd0672eb95dd112913b45f6376
  11097.     828     7342
  11098. File   
  11099. Rename
  11100.    
  11101. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11102.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11103.   tent\loader.js
  11104. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11105.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11106.   tent\loader.js.vvv
  11107.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11108.  MD5:  6c3945c8058cdd4df47f5aca47c64c2a
  11109.  SHA1: 935f4a118645fdcd0672eb95dd112913b45f6376
  11110.     828     7342
  11111. File   
  11112. Open
  11113.    
  11114. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11115.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11116.   tent\symbiont.js
  11117.     828     6993
  11118. File   
  11119. Close
  11120.    
  11121. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11122.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11123.   tent\symbiont.js
  11124.  MD5:  b3c1b15215974fcf1dc214e066e58b25
  11125.  SHA1: c64d367484969a8a48ca5a81266979a032054180
  11126.     828     7422
  11127. File   
  11128. Rename
  11129.    
  11130. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11131.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11132.   tent\symbiont.js
  11133. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11134.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11135.   tent\symbiont.js.vvv
  11136.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11137.  MD5:  b3c1b15215974fcf1dc214e066e58b25
  11138.  SHA1: c64d367484969a8a48ca5a81266979a032054180
  11139.     828     7422
  11140. File   
  11141. Open
  11142.    
  11143. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11144.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11145.   tent\worker.js
  11146.     828     19369
  11147. File   
  11148. Close
  11149.    
  11150. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11151.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11152.   tent\worker.js
  11153.  MD5:  934c15c2cffb1e98703c68520f937ab9
  11154.  SHA1: 4149a1249e24ba40933125d4f7f31654aa6b9464
  11155.     828     19790
  11156. File   
  11157. Rename
  11158.    
  11159. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11160.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11161.   tent\worker.js
  11162. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11163.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11164.   tent\worker.js.vvv
  11165.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11166.  MD5:  934c15c2cffb1e98703c68520f937ab9
  11167.  SHA1: 4149a1249e24ba40933125d4f7f31654aa6b9464
  11168.     828     19790
  11169. File   
  11170. Open
  11171.    
  11172. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11173.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11174.   tent.js
  11175.     828     2013
  11176. File   
  11177. Close
  11178.    
  11179. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11180.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11181.   tent.js
  11182.  MD5:  6e1d67fdc62174378bc317cf1a83c84f
  11183.  SHA1: a172520875d347f338ae2c2811efc1a627d2293b
  11184.     828     2430
  11185. File   
  11186. Rename
  11187.    
  11188. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11189.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11190.   tent.js
  11191. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11192.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\con
  11193.   tent.js.vvv
  11194.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11195.  MD5:  6e1d67fdc62174378bc317cf1a83c84f
  11196.  SHA1: a172520875d347f338ae2c2811efc1a627d2293b
  11197.     828     2430
  11198. File   
  11199. Open
  11200.    
  11201. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11202.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11203.   tex.js
  11204.     828     6193
  11205. API Call   
  11206.    
  11207.  API Name:  Sleep   Address:  0x0041f00b
  11208.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11209.     828      
  11210. File   
  11211. Close
  11212.    
  11213. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11214.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11215.   tex.js
  11216.  MD5:  0cd753c98112f21df6d5fcd3ac60f1d9
  11217.  SHA1: 5869378ee21f27af4134fa77d121c050efe9ddfd
  11218.     828     6622
  11219. File   
  11220. Rename
  11221.    
  11222. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11223.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11224.   tex.js
  11225. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11226.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cor
  11227.   tex.js.vvv
  11228.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11229.  MD5:  0cd753c98112f21df6d5fcd3ac60f1d9
  11230.  SHA1: 5869378ee21f27af4134fa77d121c050efe9ddfd
  11231.     828     6622
  11232. File   
  11233. Open
  11234.    
  11235. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11236.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11237.   dlefish.js
  11238.     828     6789
  11239. File   
  11240. Close
  11241.    
  11242. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11243.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11244.   dlefish.js
  11245.  MD5:  c8aeb974927b85916b08f76cf0edf8b6
  11246.  SHA1: 635ab5f64d8c8191ea42829c5c3b0033200e09ed
  11247.     828     7214
  11248. File   
  11249. Rename
  11250.    
  11251. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11252.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11253.   dlefish.js
  11254. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11255.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\cud
  11256.   dlefish.js.vvv
  11257.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11258.  MD5:  c8aeb974927b85916b08f76cf0edf8b6
  11259.  SHA1: 635ab5f64d8c8191ea42829c5c3b0033200e09ed
  11260.     828     7214
  11261. File   
  11262. Open
  11263.    
  11264. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11265.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11266.   \events\keys.js
  11267.     828     3285
  11268. File   
  11269. Close
  11270.    
  11271. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11272.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11273.   \events\keys.js
  11274.  MD5:  ad702682de17f656c14e3fa002ecfb6e
  11275.  SHA1: 535db937229178a24dcf6351cd59c70ef34c0594
  11276.     828     3710
  11277. File   
  11278. Rename
  11279.    
  11280. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11281.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11282.   \events\keys.js
  11283. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11284.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11285.   \events\keys.js.vvv
  11286.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11287.  MD5:  ad702682de17f656c14e3fa002ecfb6e
  11288.  SHA1: 535db937229178a24dcf6351cd59c70ef34c0594
  11289.     828     3710
  11290. File   
  11291. Open
  11292.    
  11293. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11294.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11295.   \events.js
  11296.     828     7418
  11297. File   
  11298. Close
  11299.    
  11300. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11301.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11302.   \events.js
  11303.  MD5:  7c1e9ac9a073b9ff7aae2f60b139a168
  11304.  SHA1: fe55c4d6ecdd9ebd3b433164836d1d7ae9ec51c9
  11305.     828     7838
  11306. File   
  11307. Rename
  11308.    
  11309. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11310.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11311.   \events.js
  11312. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11313.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\dom
  11314.   \events.js.vvv
  11315.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11316.  MD5:  7c1e9ac9a073b9ff7aae2f60b139a168
  11317.  SHA1: fe55c4d6ecdd9ebd3b433164836d1d7ae9ec51c9
  11318.     828     7838
  11319. File   
  11320. Open
  11321.    
  11322. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11323.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11324.   s.js
  11325.     828     7984
  11326. File   
  11327. Close
  11328.    
  11329. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11330.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11331.   s.js
  11332.  MD5:  83bf24143e38136d9161051085b43ae2
  11333.  SHA1: 49e5f38e82c68bddf41429068385b91004534550
  11334.     828     8414
  11335. File   
  11336. Rename
  11337.    
  11338. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11339.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11340.   s.js
  11341. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11342.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\e10
  11343.   s.js.vvv
  11344.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11345.  MD5:  83bf24143e38136d9161051085b43ae2
  11346.  SHA1: 49e5f38e82c68bddf41429068385b91004534550
  11347.     828     8414
  11348. File   
  11349. Open
  11350.    
  11351. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11352.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11353.   ors.js
  11354.     828     3447
  11355. File   
  11356. Close
  11357.    
  11358. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11359.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11360.   ors.js
  11361.  MD5:  546e5f916ef4a1837d6c7f18b2409413
  11362.  SHA1: 7787e1eeba103f1700f6c6b7350eab0fbb8cc063
  11363.     828     3870
  11364. File   
  11365. Rename
  11366.    
  11367. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11368.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11369.   ors.js
  11370. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11371.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\err
  11372.   ors.js.vvv
  11373.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11374.  MD5:  546e5f916ef4a1837d6c7f18b2409413
  11375.  SHA1: 7787e1eeba103f1700f6c6b7350eab0fbb8cc063
  11376.     828     3870
  11377. File   
  11378. Open
  11379.    
  11380. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11381.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11382.   nts\assembler.js
  11383.     828     3456
  11384. File   
  11385. Close
  11386.    
  11387. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11388.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11389.   nts\assembler.js
  11390.  MD5:  b0880ebfcc451d6d9cfe36e6b8632fa1
  11391.  SHA1: 1034f16042129589c51489216bd52b9eb7d82000
  11392.     828     3886
  11393. File   
  11394. Rename
  11395.    
  11396. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11397.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11398.   nts\assembler.js
  11399. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11400.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11401.   nts\assembler.js.vvv
  11402.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11403.  MD5:  b0880ebfcc451d6d9cfe36e6b8632fa1
  11404.  SHA1: 1034f16042129589c51489216bd52b9eb7d82000
  11405.     828     3886
  11406. File   
  11407. Open
  11408.    
  11409. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11410.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11411.   nts.js
  11412.     828     7598
  11413. File   
  11414. Close
  11415.    
  11416. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11417.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11418.   nts.js
  11419.  MD5:  a2c918014f730e5f1706a2d81361d7f0
  11420.  SHA1: 712151d7fde52d5725efd410cdbe6eff1aa97d61
  11421.     828     8014
  11422. File   
  11423. Rename
  11424.    
  11425. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11426.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11427.   nts.js
  11428. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11429.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\eve
  11430.   nts.js.vvv
  11431.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11432.  MD5:  a2c918014f730e5f1706a2d81361d7f0
  11433.  SHA1: 712151d7fde52d5725efd410cdbe6eff1aa97d61
  11434.     828     8014
  11435. File   
  11436. Open
  11437.    
  11438. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11439.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11440.   e.js
  11441.     828     6618
  11442. API Call   
  11443.    
  11444.  API Name:  Sleep   Address:  0x0041f00b
  11445.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11446.     828      
  11447. File   
  11448. Close
  11449.    
  11450. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11451.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11452.   e.js
  11453.  MD5:  b0d89dda922b7edeed00e88ad30bccf6
  11454.  SHA1: 8e64ca3dad0cb8b0d6be37c85630c3965e1ebefe
  11455.     828     7038
  11456. File   
  11457. Rename
  11458.    
  11459. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11460.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11461.   e.js
  11462. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11463.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fil
  11464.   e.js.vvv
  11465.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11466.  MD5:  b0d89dda922b7edeed00e88ad30bccf6
  11467.  SHA1: 8e64ca3dad0cb8b0d6be37c85630c3965e1ebefe
  11468.     828     7038
  11469. File   
  11470. Open
  11471.    
  11472. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11473.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11474.   d-tests-e10s-adapter.js
  11475.     828     3970
  11476. File   
  11477. Close
  11478.    
  11479. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11480.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11481.   d-tests-e10s-adapter.js
  11482.  MD5:  28df72f4aa0e64896d613cf3988cd788
  11483.  SHA1: 16950d70a58994517cffb49a91125da73d75ad50
  11484.     828     4398
  11485. File   
  11486. Rename
  11487.    
  11488. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11489.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11490.   d-tests-e10s-adapter.js
  11491. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11492.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11493.   d-tests-e10s-adapter.js.vvv
  11494.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11495.  MD5:  28df72f4aa0e64896d613cf3988cd788
  11496.  SHA1: 16950d70a58994517cffb49a91125da73d75ad50
  11497.     828     4398
  11498. File   
  11499. Open
  11500.    
  11501. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11502.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11503.   d-tests.js
  11504.     828     38
  11505. File   
  11506. Close
  11507.    
  11508. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11509.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11510.   d-tests.js
  11511.  MD5:  2c9bd4411e320a4685c4d7d5e385f280
  11512.  SHA1: 4428877b8a9008525f641aec18eaa05f018ee249
  11513.     828     462
  11514. File   
  11515. Rename
  11516.    
  11517. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11518.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11519.   d-tests.js
  11520. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11521.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\fin
  11522.   d-tests.js.vvv
  11523.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11524.  MD5:  2c9bd4411e320a4685c4d7d5e385f280
  11525.  SHA1: 4428877b8a9008525f641aec18eaa05f018ee249
  11526.     828     462
  11527. File   
  11528. Open
  11529.    
  11530. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11531.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11532.   den-frame.js
  11533.     828     7014
  11534. File   
  11535. Close
  11536.    
  11537. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11538.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11539.   den-frame.js
  11540.  MD5:  27a277aa25bb63015c45b2f28255e4e7
  11541.  SHA1: ec4c9e426250d2f072ffa624942e1c5bc20fddb5
  11542.     828     7438
  11543. File   
  11544. Rename
  11545.    
  11546. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11547.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11548.   den-frame.js
  11549. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11550.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\hid
  11551.   den-frame.js.vvv
  11552.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11553.  MD5:  27a277aa25bb63015c45b2f28255e4e7
  11554.  SHA1: ec4c9e426250d2f072ffa624942e1c5bc20fddb5
  11555.     828     7438
  11556. File   
  11557. Open
  11558.    
  11559. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11560.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11561.   board\hotkeys.js
  11562.     828     5226
  11563. API Call   
  11564.    
  11565.  API Name:  Sleep   Address:  0x0041f00b
  11566.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe   DLL Name:  kernel32.dll
  11567.     828      
  11568. File   
  11569. Close
  11570.    
  11571. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11572.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11573.   board\hotkeys.js
  11574.  MD5:  458bb103471341141438e65bc84fb271
  11575.  SHA1: 3bc0b53d08c027ee88fa7b668af511c2ed07e7f8
  11576.     828     5646
  11577. File   
  11578. Rename
  11579.    
  11580. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11581.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11582.   board\hotkeys.js
  11583. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11584.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11585.   board\hotkeys.js.vvv
  11586.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11587.  MD5:  458bb103471341141438e65bc84fb271
  11588.  SHA1: 3bc0b53d08c027ee88fa7b668af511c2ed07e7f8
  11589.     828     5646
  11590. File   
  11591. Open
  11592.    
  11593. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11594.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11595.   board\observer.js
  11596.     828     3351
  11597. File   
  11598. Close
  11599.    
  11600. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11601.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11602.   board\observer.js
  11603.  MD5:  7a56c7b9a1cd7aa55e3b160119f15e76
  11604.  SHA1: 1b924494f332ab661dd084049174515164b01bde
  11605.     828     3774
  11606. File   
  11607. Rename
  11608.    
  11609. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11610.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11611.   board\observer.js
  11612. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11613.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11614.   board\observer.js.vvv
  11615.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11616.  MD5:  7a56c7b9a1cd7aa55e3b160119f15e76
  11617.  SHA1: 1b924494f332ab661dd084049174515164b01bde
  11618.     828     3774
  11619. File   
  11620. Open
  11621.    
  11622. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11623.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11624.   board\utils.js
  11625.     828     6658
  11626. File   
  11627. Close
  11628.    
  11629. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11630.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11631.   board\utils.js
  11632.  MD5:  44debf2c3e817809bf1b4074fb8856d4
  11633.  SHA1: 5c11331016b6dfe8dffbfae3796d066be38fb864
  11634.     828     7086
  11635. File   
  11636. Rename
  11637.    
  11638. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11639.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11640.   board\utils.js
  11641. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11642.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\key
  11643.   board\utils.js.vvv
  11644.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11645.  MD5:  44debf2c3e817809bf1b4074fb8856d4
  11646.  SHA1: 5c11331016b6dfe8dffbfae3796d066be38fb864
  11647.     828     7086
  11648. File   
  11649. Open
  11650.    
  11651. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11652.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11653.   ht-traits.js
  11654.     828     23934
  11655. File   
  11656. Close
  11657.    
  11658. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11659.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11660.   ht-traits.js
  11661.  MD5:  cbd093d6334de8aab496557c0e67522f
  11662.  SHA1: 9e8c2e6059999b0c07e18ebbb2d659b415af239e
  11663.     828     24350
  11664. File   
  11665. Rename
  11666.    
  11667. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11668.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11669.   ht-traits.js
  11670. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11671.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lig
  11672.   ht-traits.js.vvv
  11673.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11674.  MD5:  cbd093d6334de8aab496557c0e67522f
  11675.  SHA1: 9e8c2e6059999b0c07e18ebbb2d659b415af239e
  11676.     828     24350
  11677. File   
  11678. Open
  11679.    
  11680. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11681.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11682.   t.js
  11683.     828     5363
  11684. File   
  11685. Close
  11686.    
  11687. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11688.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11689.   t.js
  11690.  MD5:  8b5c4e5c525ed0d87568ac6593e27214
  11691.  SHA1: 21448224aece333c421a611d7492d564653d9da9
  11692.     828     5790
  11693. File   
  11694. Rename
  11695.    
  11696. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11697.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11698.   t.js
  11699. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11700.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\lis
  11701.   t.js.vvv
  11702.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11703.  MD5:  8b5c4e5c525ed0d87568ac6593e27214
  11704.  SHA1: 21448224aece333c421a611d7492d564653d9da9
  11705.     828     5790
  11706. File   
  11707. Open
  11708.    
  11709. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11710.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11711.   ch-pattern.js
  11712.     828     5222
  11713. File   
  11714. Close
  11715.    
  11716. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11717.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11718.   ch-pattern.js
  11719.  MD5:  63619193a70c205e805bbbec24533c2b
  11720.  SHA1: 8c42f1651fb5fdf16a624374d41849e76ef833d5
  11721.     828     5646
  11722. File   
  11723. Rename
  11724.    
  11725. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11726.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11727.   ch-pattern.js
  11728. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11729.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mat
  11730.   ch-pattern.js.vvv
  11731.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11732.  MD5:  63619193a70c205e805bbbec24533c2b
  11733.  SHA1: 8c42f1651fb5fdf16a624374d41849e76ef833d5
  11734.     828     5646
  11735. File   
  11736. Open
  11737.    
  11738. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11739.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11740.   ory.js
  11741.     828     4754
  11742. File   
  11743. Close
  11744.    
  11745. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11746.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11747.   ory.js
  11748.  MD5:  ef073f99f00bdba3bd77283081594e51
  11749.  SHA1: 3cff2f538594dc0b88d7403a877dc522c5893859
  11750.     828     5182
  11751. File   
  11752. Rename
  11753.    
  11754. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11755.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11756.   ory.js
  11757. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11758.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\mem
  11759.   ory.js.vvv
  11760.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11761.  MD5:  ef073f99f00bdba3bd77283081594e51
  11762.  SHA1: 3cff2f538594dc0b88d7403a877dc522c5893859
  11763.     828     5182
  11764. File   
  11765. Open
  11766.    
  11767. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11768.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11769.   erver-service.js
  11770.     828     7573
  11771. File   
  11772. Close
  11773.    
  11774. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11775.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11776.   erver-service.js
  11777.  MD5:  0b9ea09ae5cd8c18561a7bc11d2fce89
  11778.  SHA1: 4cb11c2b556a486943c9ba099b05709ca86ad756
  11779.     828     7998
  11780. File   
  11781. Rename
  11782.    
  11783. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11784.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11785.   erver-service.js
  11786. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11787.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\obs
  11788.   erver-service.js.vvv
  11789.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  11790.  MD5:  0b9ea09ae5cd8c18561a7bc11d2fce89
  11791.  SHA1: 4cb11c2b556a486943c9ba099b05709ca86ad756
  11792.     828     7998
  11793. File   
  11794. Open
  11795.    
  11796. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11797.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pas
  11798.   swords\utils.js
  11799.     828     5249
  11800. File   
  11801. Close
  11802.    
  11803. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  11804.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\pas
  11805.   swords\utils.js
  11806.  MD5:  8a145447716dce4509fdb2709adade7a
  11807.  SHA1: 9628693ec4ad0a7fd07379e08bb39b1680595355
  11808.     828     5678
  11809. File   
  11810. Rename
  11811.    
  11812. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12509.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\unl
  12510.   oad.js
  12511. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12512.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\unl
  12513.   oad.js.vvv
  12514.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12515.  MD5:  9940ad1eb938784e5cad8dc7ea47ef98
  12516.  SHA1: 65a45d257191dab39c7299490fdab40d075cc7f6
  12517.     828     1694
  12518. File   
  12519. Open
  12520.    
  12521. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12522.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12523.   -e10s-adapter.js
  12524.     828     4008
  12525. File   
  12526. Close
  12527.    
  12528. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12529.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12530.   -e10s-adapter.js
  12531.  MD5:  6e64ec92bad4e628af4794ffc4d9764d
  12532.  SHA1: aa865e71fa131019b772e0fa7275a1a7248364c5
  12533.     828     4430
  12534. File   
  12535. Rename
  12536.    
  12537. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12538.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12539.   -e10s-adapter.js
  12540. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12541.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12542.   -e10s-adapter.js.vvv
  12543.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12544.  MD5:  6e64ec92bad4e628af4794ffc4d9764d
  12545.  SHA1: aa865e71fa131019b772e0fa7275a1a7248364c5
  12546.     828     4430
  12547. File   
  12548. Open
  12549.    
  12550. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12551.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12552.   .js
  12553.     828     4269
  12554. File   
  12555. Close
  12556.    
  12557. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12558.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12559.   .js
  12560.  MD5:  ea6e945f005f1d147d36c6d5aab4684c
  12561.  SHA1: a580b5458144a0ba8863b1407295011ee14fcca0
  12562.     828     4686
  12563. File   
  12564. Rename
  12565.    
  12566. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12567.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12568.   .js
  12569. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12570.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\url
  12571.   .js.vvv
  12572.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12573.  MD5:  ea6e945f005f1d147d36c6d5aab4684c
  12574.  SHA1: a580b5458144a0ba8863b1407295011ee14fcca0
  12575.     828     4686
  12576. File   
  12577. Open
  12578.    
  12579. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12580.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12581.   ls\data.js
  12582.     828     3912
  12583. File   
  12584. Close
  12585.    
  12586. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12587.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12588.   ls\data.js
  12589.  MD5:  65c416b691d0c6c4e6c1c64b3c784950
  12590.  SHA1: 218717ec56e80e50adede173c447b81c46b5a5e2
  12591.     828     4334
  12592. File   
  12593. Rename
  12594.    
  12595. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12596.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12597.   ls\data.js
  12598. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12599.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12600.   ls\data.js.vvv
  12601.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12602.  MD5:  65c416b691d0c6c4e6c1c64b3c784950
  12603.  SHA1: 218717ec56e80e50adede173c447b81c46b5a5e2
  12604.     828     4334
  12605. File   
  12606. Open
  12607.    
  12608. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12609.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12610.   ls\function.js
  12611.     828     2710
  12612. File   
  12613. Close
  12614.    
  12615. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12616.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12617.   ls\function.js
  12618.  MD5:  327aa01d5e3c1f43520f755abdebfdd2
  12619.  SHA1: ee1feeec918f98a50c159a556a58fd42dc36ab0e
  12620.     828     3134
  12621. File   
  12622. Rename
  12623.    
  12624. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12625.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12626.   ls\function.js
  12627. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12628.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12629.   ls\function.js.vvv
  12630.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12631.  MD5:  327aa01d5e3c1f43520f755abdebfdd2
  12632.  SHA1: ee1feeec918f98a50c159a556a58fd42dc36ab0e
  12633.     828     3134
  12634. File   
  12635. Open
  12636.    
  12637. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12638.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12639.   ls\registry.js
  12640.     828     3318
  12641. File   
  12642. Close
  12643.    
  12644. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12645.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12646.   ls\registry.js
  12647.  MD5:  bce4fa510248714e55a79fc69ec7d279
  12648.  SHA1: a51a2989394135025900dc4a9117e01bee0dfc6d
  12649.     828     3742
  12650. File   
  12651. Rename
  12652.    
  12653. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12654.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12655.   ls\registry.js
  12656. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12657.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12658.   ls\registry.js.vvv
  12659.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12660.  MD5:  bce4fa510248714e55a79fc69ec7d279
  12661.  SHA1: a51a2989394135025900dc4a9117e01bee0dfc6d
  12662.     828     3742
  12663. File   
  12664. Open
  12665.    
  12666. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12667.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12668.   ls\thumbnail.js
  12669.     828     3099
  12670. File   
  12671. Close
  12672.    
  12673. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12674.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12675.   ls\thumbnail.js
  12676.  MD5:  6113df0e2bd8dae52f5c150bccee756e
  12677.  SHA1: cfb66aceaa4487cd8b7edb1c2688c718ff99031e
  12678.     828     3518
  12679. File   
  12680. Rename
  12681.    
  12682. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12683.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12684.   ls\thumbnail.js
  12685. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12686.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\uti
  12687.   ls\thumbnail.js.vvv
  12688.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12689.  MD5:  6113df0e2bd8dae52f5c150bccee756e
  12690.  SHA1: cfb66aceaa4487cd8b7edb1c2688c718ff99031e
  12691.     828     3518
  12692. File   
  12693. Open
  12694.    
  12695. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12696.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12697.   dow-utils.js
  12698.     828     6368
  12699. File   
  12700. Close
  12701.    
  12702. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12703.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12704.   dow-utils.js
  12705.  MD5:  74f6f87f3d4db34ed0ad9460621e10f8
  12706.  SHA1: 4c76c982b1c7c19b89d55f5a854aadcd60cd4300
  12707.     828     6798
  12708. File   
  12709. Rename
  12710.    
  12711. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12712.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12713.   dow-utils.js
  12714. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12715.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12716.   dow-utils.js.vvv
  12717.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12718.  MD5:  74f6f87f3d4db34ed0ad9460621e10f8
  12719.  SHA1: 4c76c982b1c7c19b89d55f5a854aadcd60cd4300
  12720.     828     6798
  12721. File   
  12722. Open
  12723.    
  12724. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12725.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12726.   dows\dom.js
  12727.     828     2259
  12728. File   
  12729. Close
  12730.    
  12731. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12732.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12733.   dows\dom.js
  12734.  MD5:  98385d24a0fddb82b87f4ef0075a0469
  12735.  SHA1: 99ba4d9525597c2fca4cf0ee61ce8ebdbd15257c
  12736.     828     2686
  12737. File   
  12738. Rename
  12739.    
  12740. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12741.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12742.   dows\dom.js
  12743. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12744.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12745.   dows\dom.js.vvv
  12746.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12747.  MD5:  98385d24a0fddb82b87f4ef0075a0469
  12748.  SHA1: 99ba4d9525597c2fca4cf0ee61ce8ebdbd15257c
  12749.     828     2686
  12750. File   
  12751. Open
  12752.    
  12753. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12754.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12755.   dows\loader.js
  12756.     828     5598
  12757. File   
  12758. Close
  12759.    
  12760. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12761.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12762.   dows\loader.js
  12763.  MD5:  79fa248ac67599d30631214fbb93cf99
  12764.  SHA1: f5057e306a2e5ccbe19b42e5b7a8d364bbf4ac54
  12765.     828     6014
  12766. File   
  12767. Rename
  12768.    
  12769. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12770.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12771.   dows\loader.js
  12772. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12773.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12774.   dows\loader.js.vvv
  12775.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12776.  MD5:  79fa248ac67599d30631214fbb93cf99
  12777.  SHA1: f5057e306a2e5ccbe19b42e5b7a8d364bbf4ac54
  12778.     828     6014
  12779. File   
  12780. Open
  12781.    
  12782. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12783.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12784.   dows\observer.js
  12785.     828     3435
  12786. File   
  12787. Close
  12788.    
  12789. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12790.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12791.   dows\observer.js
  12792.  MD5:  8509d8647dd74e2b4cfe8cde62c1739c
  12793.  SHA1: 96c14d9644db24f38caae6cbb7189ea1dd63c438
  12794.     828     3854
  12795. File   
  12796. Rename
  12797.    
  12798. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12799.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12800.   dows\observer.js
  12801. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12802.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12803.   dows\observer.js.vvv
  12804.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12805.  MD5:  8509d8647dd74e2b4cfe8cde62c1739c
  12806.  SHA1: 96c14d9644db24f38caae6cbb7189ea1dd63c438
  12807.     828     3854
  12808. File   
  12809. Open
  12810.    
  12811. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12812.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12813.   dows\tabs.js
  12814.     828     7916
  12815. File   
  12816. Close
  12817.    
  12818. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12819.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12820.   dows\tabs.js
  12821.  MD5:  a4daca74cd7d76534fa19a01740bdabf
  12822.  SHA1: a5c82b6a7c44367c75c7a462bbce562c0fa7b100
  12823.     828     8334
  12824. File   
  12825. Rename
  12826.    
  12827. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12828.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12829.   dows\tabs.js
  12830. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12831.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\win
  12832.   dows\tabs.js.vvv
  12833.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12834.  MD5:  a4daca74cd7d76534fa19a01740bdabf
  12835.  SHA1: a5c82b6a7c44367c75c7a462bbce562c0fa7b100
  12836.     828     8334
  12837. File   
  12838. Open
  12839.    
  12840. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12841.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12842.   .js
  12843.     828     6332
  12844. File   
  12845. Close
  12846.    
  12847. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12848.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12849.   .js
  12850.  MD5:  d5e9b7e35b206756d8493ea4483c10aa
  12851.  SHA1: 667108f1a1e6d394be9a39c31b48812a524cd3d4
  12852.     828     6750
  12853. File   
  12854. Rename
  12855.    
  12856. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12857.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12858.   .js
  12859. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12860.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xhr
  12861.   .js.vvv
  12862.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12863.  MD5:  d5e9b7e35b206756d8493ea4483c10aa
  12864.  SHA1: 667108f1a1e6d394be9a39c31b48812a524cd3d4
  12865.     828     6750
  12866. File   
  12867. Open
  12868.    
  12869. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12870.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12871.   om.js
  12872.     828     4999
  12873. File   
  12874. Close
  12875.    
  12876. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12877.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12878.   om.js
  12879.  MD5:  e246f99289d78ae90e84cc8984cf127d
  12880.  SHA1: d95b5df7ad88342f9cb2823ed2ee8ff164972931
  12881.     828     5422
  12882. File   
  12883. Rename
  12884.    
  12885. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12886.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12887.   om.js
  12888. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12889.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xpc
  12890.   om.js.vvv
  12891.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12892.  MD5:  e246f99289d78ae90e84cc8984cf127d
  12893.  SHA1: d95b5df7ad88342f9cb2823ed2ee8ff164972931
  12894.     828     5422
  12895. File   
  12896. Open
  12897.    
  12898. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12899.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12900.   -app.js
  12901.     828     3654
  12902. File   
  12903. Close
  12904.    
  12905. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12906.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12907.   -app.js
  12908.  MD5:  470d82ddbf2bdf088c60a2cd56e796f4
  12909.  SHA1: 7a32c9b5f50396d2f34ff90e35ec0e2cf031a5b0
  12910.     828     4078
  12911. File   
  12912. Rename
  12913.    
  12914. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12915.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12916.   -app.js
  12917. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12918.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-api-utils-lib\xul
  12919.   -app.js.vvv
  12920.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12921.  MD5:  470d82ddbf2bdf088c60a2cd56e796f4
  12922.  SHA1: 7a32c9b5f50396d2f34ff90e35ec0e2cf031a5b0
  12923.     828     4078
  12924. File   
  12925. Open
  12926.    
  12927. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12928.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js
  12929.     828     2014
  12930. File   
  12931. Close
  12932.    
  12933. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12934.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js
  12935.  MD5:  48bae592c5e1ce08666e4b0df39c0737
  12936.  SHA1: 6343dd627d798166ef6f6465ea8c770433e54173
  12937.     828     2430
  12938. File   
  12939. Rename
  12940.    
  12941. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12942.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js
  12943. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12944.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-lib\main.js.
  12945.   vvv
  12946.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12947.  MD5:  48bae592c5e1ce08666e4b0df39c0737
  12948.  SHA1: 6343dd627d798166ef6f6465ea8c770433e54173
  12949.     828     2430
  12950. File   
  12951. Open
  12952.    
  12953. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12954.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12955.   ain.js
  12956.     828     764
  12957. File   
  12958. Close
  12959.    
  12960. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12961.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12962.   ain.js
  12963.  MD5:  6c8c1a7412e6a31b778bd063faee6551
  12964.  SHA1: 5586131e3184add98031b6285cd5de88e6596e2f
  12965.     828     1182
  12966. File   
  12967. Rename
  12968.    
  12969. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12970.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12971.   ain.js
  12972. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12973.   extensions\jid1-YahAIqyhSHBWtQ@jetpack\resources\jid1-yahaiqyhshbwtq-at-jetpack-v1-0-tests\test-m
  12974.   ain.js.vvv
  12975.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  12976.  MD5:  6c8c1a7412e6a31b778bd063faee6551
  12977.  SHA1: 5586131e3184add98031b6285cd5de88e6596e2f
  12978.     828     1182
  12979. File   
  12980. Open
  12981.    
  12982. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12983.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  12984.     828     605
  12985. File   
  12986. Close
  12987.    
  12988. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12989.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  12990.  MD5:  2443a3762a580a1f9a36da81584ea7af
  12991.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  12992.     828     1022
  12993. File   
  12994. Rename
  12995.    
  12996. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12997.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  12998. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  12999.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js.vvv
  13000.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13001.  MD5:  2443a3762a580a1f9a36da81584ea7af
  13002.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  13003.     828     1022
  13004. File   
  13005. Open
  13006.    
  13007. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13008.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13009.     828     3770
  13010. File   
  13011. Close
  13012.    
  13013. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13014.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13015.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13016.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13017.     828     4190
  13018. File   
  13019. Rename
  13020.    
  13021. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13022.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13023. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13024.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js.vvv
  13025.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13026.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13027.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13028.     828     4190
  13029. File   
  13030. Open
  13031.    
  13032. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13033.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13034.     828     1442
  13035. File   
  13036. Close
  13037.    
  13038. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13039.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13040.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13041.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13042.     828     1870
  13043. File   
  13044. Rename
  13045.    
  13046. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13047.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13048. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13049.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt.vvv
  13050.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13051.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13052.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13053.     828     1870
  13054. File   
  13055. Open
  13056.    
  13057. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13058.   prefs.js
  13059.     828     6344
  13060. File   
  13061. Close
  13062.    
  13063. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13064.   prefs.js
  13065.  MD5:  e404090c1363892b04bf48f0c47cffdf
  13066.  SHA1: 3461590ada143a7cff399651b9a3329687be96e5
  13067.     828     6766
  13068. File   
  13069. Rename
  13070.    
  13071. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13072.   prefs.js
  13073. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13074.   prefs.js.vvv
  13075.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13076.  MD5:  e404090c1363892b04bf48f0c47cffdf
  13077.  SHA1: 3461590ada143a7cff399651b9a3329687be96e5
  13078.     828     6766
  13079. File   
  13080. Open
  13081.    
  13082. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13083.   sessionstore.js
  13084.     828     110
  13085. File   
  13086. Close
  13087.    
  13088. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13089.   sessionstore.js
  13090.  MD5:  b2b932950eec24e3e1d66b17293fceec
  13091.  SHA1: 702ed1f5e7abbd325215282512963bb0bde27f0e
  13092.     828     526
  13093. File   
  13094. Rename
  13095.    
  13096. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13097.   sessionstore.js
  13098. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13099.   sessionstore.js.vvv
  13100.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13101.  MD5:  b2b932950eec24e3e1d66b17293fceec
  13102.  SHA1: 702ed1f5e7abbd325215282512963bb0bde27f0e
  13103.     828     526
  13104. File   
  13105. Open
  13106.    
  13107. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13108.   signons2.txt
  13109.     828     157
  13110. File   
  13111. Close
  13112.    
  13113. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13114.   signons2.txt
  13115.  MD5:  16f880df029212dc5b83869b7b89d07a
  13116.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13117.     828     574
  13118. File   
  13119. Rename
  13120.    
  13121. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13122.   signons2.txt
  13123. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13124.   signons2.txt.vvv
  13125.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13126.  MD5:  16f880df029212dc5b83869b7b89d07a
  13127.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13128.     828     574
  13129. File   
  13130. Open
  13131.    
  13132. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13133.   signons3.txt
  13134.     828     157
  13135. File   
  13136. Close
  13137.    
  13138. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13139.   signons3.txt
  13140.  MD5:  16f880df029212dc5b83869b7b89d07a
  13141.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13142.     828     574
  13143. File   
  13144. Rename
  13145.    
  13146. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13147.   signons3.txt
  13148. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\71fgjoc5.kl7wec5z.default\
  13149.   signons3.txt.vvv
  13150.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13151.  MD5:  16f880df029212dc5b83869b7b89d07a
  13152.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13153.     828     574
  13154. File   
  13155. Open
  13156.    
  13157. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13158.   chrome\userChrome-example.css
  13159.     828     959
  13160. File   
  13161. Close
  13162.    
  13163. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13164.   chrome\userChrome-example.css
  13165.  MD5:  341aae03c744a20377452e79d7c87667
  13166.  SHA1: c865e98865ad5231f3b8b5f2eb58bcaec584dfb1
  13167.     828     1374
  13168. File   
  13169. Rename
  13170.    
  13171. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13172.   chrome\userChrome-example.css
  13173. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13174.   chrome\userChrome-example.css.vvv
  13175.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13176.  MD5:  341aae03c744a20377452e79d7c87667
  13177.  SHA1: c865e98865ad5231f3b8b5f2eb58bcaec584dfb1
  13178.     828     1374
  13179. File   
  13180. Open
  13181.    
  13182. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13183.   chrome\userContent-example.css
  13184.     828     663
  13185. File   
  13186. Close
  13187.    
  13188. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13189.   chrome\userContent-example.css
  13190.  MD5:  4412dd836af158506651794457294c39
  13191.  SHA1: 7f8ed59567e6c93b8cf2758f957d11db2004dfca
  13192.     828     1086
  13193. File   
  13194. Rename
  13195.    
  13196. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13197.   chrome\userContent-example.css
  13198. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13199.   chrome\userContent-example.css.vvv
  13200.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13201.  MD5:  4412dd836af158506651794457294c39
  13202.  SHA1: 7f8ed59567e6c93b8cf2758f957d11db2004dfca
  13203.     828     1086
  13204. File   
  13205. Open
  13206.    
  13207. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13208.   cookies.txt
  13209.     828     157
  13210. File   
  13211. Close
  13212.    
  13213. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13214.   cookies.txt
  13215.  MD5:  16f880df029212dc5b83869b7b89d07a
  13216.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13217.     828     574
  13218. File   
  13219. Rename
  13220.    
  13221. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13222.   cookies.txt
  13223. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13224.   cookies.txt.vvv
  13225.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13226.  MD5:  16f880df029212dc5b83869b7b89d07a
  13227.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13228.     828     574
  13229. File   
  13230. Open
  13231.    
  13232. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13233.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  13234.     828     605
  13235. File   
  13236. Close
  13237.    
  13238. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13239.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  13240.  MD5:  2443a3762a580a1f9a36da81584ea7af
  13241.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  13242.     828     1022
  13243. File   
  13244. Rename
  13245.    
  13246. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13247.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js
  13248. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13249.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\bootstrap.js.vvv
  13250.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13251.  MD5:  2443a3762a580a1f9a36da81584ea7af
  13252.  SHA1: ce10a9db25be2ad049ebc063c00a09c85fc9ef4d
  13253.     828     1022
  13254. File   
  13255. Open
  13256.    
  13257. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13258.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13259.     828     3770
  13260. File   
  13261. Close
  13262.    
  13263. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13264.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13265.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13266.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13267.     828     4190
  13268. File   
  13269. Rename
  13270.    
  13271. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13272.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js
  13273. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13274.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\components\inlinedisposition.js.vvv
  13275.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13276.  MD5:  ac49eccbe0f9e6e47ea6df49e66d538d
  13277.  SHA1: cfa4d0dba17bcf8599e64bdac70a2786f6d17ec0
  13278.     828     4190
  13279. File   
  13280. Open
  13281.    
  13282. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13283.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13284.     828     1442
  13285. File   
  13286. Close
  13287.    
  13288. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13289.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13290.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13291.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13292.     828     1870
  13293. File   
  13294. Rename
  13295.    
  13296. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13297.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt
  13298. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13299.   extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}\license.txt.vvv
  13300.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13301.  MD5:  093473448a6634a6c639f0cf16c7cd64
  13302.  SHA1: 18c1ff213d7758c51fc0ada1c0c8f0ce1f9b84a9
  13303.     828     1870
  13304. File   
  13305. Open
  13306.    
  13307. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13308.   prefs.js
  13309.     828     3672
  13310. File   
  13311. Close
  13312.    
  13313. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13314.   prefs.js
  13315.  MD5:  5190d668ef412e2ab68d8f3fac8d5c42
  13316.  SHA1: f0c32ef5cfdeeb306dcaab1587590f8cb548ec42
  13317.     828     4094
  13318. File   
  13319. Rename
  13320.    
  13321. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13322.   prefs.js
  13323. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13324.   prefs.js.vvv
  13325.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13326.  MD5:  5190d668ef412e2ab68d8f3fac8d5c42
  13327.  SHA1: f0c32ef5cfdeeb306dcaab1587590f8cb548ec42
  13328.     828     4094
  13329. File   
  13330. Open
  13331.    
  13332. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13333.   signons2.txt
  13334.     828     157
  13335. File   
  13336. Close
  13337.    
  13338. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13339.   signons2.txt
  13340.  MD5:  16f880df029212dc5b83869b7b89d07a
  13341.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13342.     828     574
  13343. File   
  13344. Rename
  13345.    
  13346. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13347.   signons2.txt
  13348. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13349.   signons2.txt.vvv
  13350.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13351.  MD5:  16f880df029212dc5b83869b7b89d07a
  13352.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13353.     828     574
  13354. File   
  13355. Open
  13356.    
  13357. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13358.   signons3.txt
  13359.     828     157
  13360. File   
  13361. Close
  13362.    
  13363. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13364.   signons3.txt
  13365.  MD5:  16f880df029212dc5b83869b7b89d07a
  13366.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13367.     828     574
  13368. File   
  13369. Rename
  13370.    
  13371. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13372.   signons3.txt
  13373. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\me5po3fs.5zf4ji1b.default\
  13374.   signons3.txt.vvv
  13375.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13376.  MD5:  16f880df029212dc5b83869b7b89d07a
  13377.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13378.     828     574
  13379. File   
  13380. Open
  13381.    
  13382. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13383.   cookies.txt
  13384.     828     157
  13385. File   
  13386. Close
  13387.    
  13388. C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13389.   cookies.txt
  13390.  MD5:  16f880df029212dc5b83869b7b89d07a
  13391.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13392.     828     574
  13393. File   
  13394. Rename
  13395.    
  13396. Old Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13397.   cookies.txt
  13398. New Name:   C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\pmy9ej3o.526frdyw.default\
  13399.   cookies.txt.vvv
  13400.  Imagepath:  C:\Documents and Settings\admin\Application Data\ignmy-a.exe
  13401.  MD5:  16f880df029212dc5b83869b7b89d07a
  13402.  SHA1: 642095a1581aa5774062df3733909a9660885430
  13403.     828     574
  13404. 38 Repeated items skipped
  13405. Malicious  Alert   
  13406. High Repeated Sleep Calls
  13407.    
  13408. Message:   High repeated sleep calls    Detail:   High repeated number of sleep calls  
  13409.              
  13410. 23 Repeated items skipped
  13411. High  Cpu  
  13412.    
  13413.  Imagepath:  C:\Documents and Settings\admin\Local Settings\Temp\73.exe
  13414.     1240         
  13415. Malicious  Alert   
  13416. Suspicious  Persistance  Activity
  13417.    
  13418. Message:   New file in AppData added to Run regkey    Detail:   Process drops a file in AppData then adds to Run regkey  
  13419.              
  13420. Malicious  Alert   
  13421. Generic  Anomalous  Activity
  13422.    
  13423. Message:   Process Opening explorer    Detail:   Process Opening Explorer  
  13424.              
  13425. Malicious  Alert   
  13426. Misc  Anom
  13427.    
  13428. Message:   Process Open with Root process deleted    Detail:   Process deleting itself  
  13429.              
  13430. Malicious  Alert   
  13431. Suspicious  Persistance  Activity
  13432.    
  13433. Message:   Startup services added for file    Detail:   Process adding itself (non-DLL) to windows startup areas for file  
  13434.              
  13435. Malicious  Alert   
  13436. Data  Theft  Activity
  13437.    
  13438. Message:   Firefox FTP password theft    Detail:   Process stealing FTP password via registry  
  13439.              
  13440. Malicious  Alert   
  13441. Misc  Anom
  13442.    
  13443. Message:   Infostealer detected    Detail:   Infostealer detected    
  13444.  
  13445.  
  13446. https://www.hybrid-analysis.com/sample/b43eb03c3df9db7399d108a19101f8541c4e905c20cd634927796c02da6fbc16?environmentId=4 – opexxx on Dec. 3, 2015, 4:10 a.m.
  13447. http://www.threatexpert.com/report.aspx?md5=446071be407efeb4e0d7c83bb504774a – opexxx on Dec. 3, 2015, 4:15 a.m.
  13448. https://malwr.com/analysis/MTUxMmM0MGRmOWIyNDY2ZmFkNmZmM2RhMmFiYjEzMzA/ – opexxx on Dec. 3, 2015, 4:18 a.m.
  13449. https://sandbox.deepviz.com/report/rk/a1b274443a5774dd92559735dff0cfa7d99f086f4e9a4f165d8336e253bb2dba48527f13a0933a8e78d6452b95413427e505e8a9e0db80b218a01a165d232938/ – opexxx on Dec. 3, 2015, 4:18 a.m.
  13450. http://pedump.me/446071be407efeb4e0d7c83bb504774a/ – opexxx on Dec. 3, 2015, 4:20 a.m.
  13451. http://whitelist.kaspersky.com/advisor#search/446071BE407EFEB4E0D7C83BB504774A – opexxx on Dec. 3, 2015, 4:23 a.m.