Public Pastes
daily pastebin goal
76%
SHARE
TWEET

Corepack Virus file list.

Evonos Jul 7th, 2018 131 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?xml version="1.0"?>
  2.  
  3. -<process parentpath="Windows operating system" isVirtualized="true" restrictionLevel="Unrestricted" recognizer="{1391C678-0C17-46EA-90D3-585168C5B38E}" recognizer_descr="" recognized_name="Generic.Trojan@128" detected="true" trusted="false" hashCrc32="2139294783" sha1="E8EB9C36C1F327326D71F900FA793579A7F1782F" createtime="2018-07-08T01:55:47.372Z" cmdline="" path="F:\Redist\Redist.exe" pid="2780">
  4.  
  5.  
  6. -<activities>
  7.  
  8. <activity cmdline="" path="C:\Windows\SysWOW64\cmd.exe" type="CreateProcess" id="1" timestamp="2018-07-08T01:56:31.135Z"/>
  9.  
  10. <activity cmdline="" path="C:\Windows\SysWOW64\cmd.exe" type="CreateProcess" id="1" timestamp="2018-07-08T01:55:59.098Z"/>
  11.  
  12. <activity cmdline="" path="C:\Windows\SysWOW64\cmd.exe" type="CreateProcess" id="1" timestamp="2018-07-08T01:55:55.563Z"/>
  13.  
  14. <activity path="c:\god.txt" type="FindFirstFileFailed" id="51" timestamp="2018-07-08T01:56:02.256Z" pattern=""/>
  15.  
  16. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="52" timestamp="2018-07-08T01:56:02.256Z" pattern=""/>
  17.  
  18. <activity path="c:\god.txt" type="FindFirstFileFailed" id="53" timestamp="2018-07-08T01:56:02.320Z" pattern=""/>
  19.  
  20. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="54" timestamp="2018-07-08T01:56:02.320Z" pattern=""/>
  21.  
  22. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="55" timestamp="2018-07-08T01:56:02.320Z" pattern=""/>
  23.  
  24. <activity type="KernelObject" id="56" timestamp="2018-07-08T01:56:02.320Z" objectType="Section" isCreate="true" name="\KnownDlls32\iertutil.dll"/>
  25.  
  26. <activity type="KernelObject" id="58" timestamp="2018-07-08T01:56:02.442Z" objectType="Event" isCreate="true" name="\SECURITY\LSA_AUTHENTICATION_INITIALIZED!BOX_6"/>
  27.  
  28. <activity type="KernelObject" id="59" timestamp="2018-07-08T01:56:02.442Z" objectType="Event" isCreate="true" name="\SECURITY\LSA_AUTHENTICATION_INITIALIZED"/>
  29.  
  30. <activity type="KernelObject" id="60" timestamp="2018-07-08T01:56:02.826Z" objectType="Section" isCreate="true" name="\Sessions\1\BaseNamedObjects\Global\__ComCatalogCache__"/>
  31.  
  32. <activity type="KernelObject" id="61" timestamp="2018-07-08T01:56:02.826Z" objectType="Section" isCreate="true" name="\BaseNamedObjects\__ComCatalogCache__!BOX_6"/>
  33.  
  34. <activity type="KernelObject" id="62" timestamp="2018-07-08T01:56:02.826Z" objectType="Section" isCreate="true" name="\KnownDlls32\clbcatq.dll"/>
  35.  
  36. <activity type="KernelObject" id="64" timestamp="2018-07-08T01:56:02.864Z" objectType="Event" isCreate="true" name="\KernelObjects\MaximumCommitCondition"/>
  37.  
  38. <activity type="KernelObject" id="67" timestamp="2018-07-08T01:56:03.006Z" objectType="Port" isCreate="true" name="\RPC Control\OLE4D8AD315904BD1D3C4E951C94794"/>
  39.  
  40. <activity type="KernelObject" id="68" timestamp="2018-07-08T01:56:03.006Z" objectType="Event" isCreate="true" name="\Sessions\1\BaseNamedObjects\MSFT.VSA.COM.DISABLE.2780!BOX_6"/>
  41.  
  42. <activity type="KernelObject" id="69" timestamp="2018-07-08T01:56:03.006Z" objectType="Event" isCreate="true" name="\Sessions\1\BaseNamedObjects\MSFT.VSA.COM.DISABLE.2780"/>
  43.  
  44. <activity type="KernelObject" id="70" timestamp="2018-07-08T01:56:03.006Z" objectType="Event" isCreate="true" name="\Sessions\1\BaseNamedObjects\MSFT.VSA.IEC.STATUS.6c736db0!BOX_6"/>
  45.  
  46. <activity type="KernelObject" id="71" timestamp="2018-07-08T01:56:03.006Z" objectType="Event" isCreate="true" name="\Sessions\1\BaseNamedObjects\MSFT.VSA.IEC.STATUS.6c736db0"/>
  47.  
  48. <activity type="KernelObject" id="72" timestamp="2018-07-08T01:56:09.018Z" objectType="Section" isCreate="true" name="\KnownDlls32\ondemandconnroutehelper.dll"/>
  49.  
  50. <activity type="KernelObject" id="74" timestamp="2018-07-08T01:56:09.018Z" objectType="Section" isCreate="true" name="\KnownDlls32\IPHLPAPI.DLL"/>
  51.  
  52. <activity type="KernelObject" id="76" timestamp="2018-07-08T01:56:09.018Z" objectType="Section" isCreate="true" name="\KnownDlls32\winhttp.dll"/>
  53.  
  54. <activity path="\Device\CdRom1\Redist\Redist.exe" pid="2780" type="OpenProcess" id="78" timestamp="2018-07-08T01:56:09.074Z"/>
  55.  
  56. <activity type="KernelObject" id="80" timestamp="2018-07-08T01:56:09.116Z" objectType="Section" isCreate="true" name="\KnownDlls32\mswsock.dll"/>
  57.  
  58. <activity type="KernelObject" id="82" timestamp="2018-07-08T01:56:09.116Z" objectType="Section" isCreate="true" name="\KnownDlls32\WINNSI.DLL"/>
  59.  
  60. <activity type="KernelObject" id="84" timestamp="2018-07-08T01:56:09.131Z" objectType="Section" isCreate="true" name="\KnownDlls32\NSI.dll"/>
  61.  
  62. <activity type="KernelObject" id="86" timestamp="2018-07-08T01:56:09.131Z" objectType="Event" isCreate="true" name="\Sessions\1\BaseNamedObjects\Global\SvcctrlStartEvent_A3752DX!BOX_6"/>
  63.  
  64. <activity type="KernelObject" id="87" timestamp="2018-07-08T01:56:09.131Z" objectType="Event" isCreate="true" name="\Sessions\1\BaseNamedObjects\Global\SvcctrlStartEvent_A3752DX"/>
  65.  
  66. <activity type="KernelObject" id="90" timestamp="2018-07-08T01:56:09.563Z" objectType="Section" isCreate="true" name="\Sessions\1\BaseNamedObjects\Global\F932B6C7-3A20-46A0-B8A0-8894AA421973"/>
  67.  
  68. <activity type="KernelObject" id="91" timestamp="2018-07-08T01:56:09.563Z" objectType="Section" isCreate="true" name="\BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973!BOX_6"/>
  69.  
  70. <activity type="KernelObject" id="98" timestamp="2018-07-08T01:56:09.717Z" objectType="Section" isCreate="true" name="\KnownDlls32\urlmon.dll"/>
  71.  
  72. <activity type="KernelObject" id="100" timestamp="2018-07-08T01:56:09.717Z" objectType="Section" isCreate="true" name="\Sessions\1\BaseNamedObjects\Local\UrlZonesSM_test"/>
  73.  
  74. <activity type="KernelObject" id="101" timestamp="2018-07-08T01:56:09.717Z" objectType="Section" isCreate="true" name="\Sessions\1\BaseNamedObjects\UrlZonesSM_test!BOX_6"/>
  75.  
  76. <activity type="KernelObject" id="102" timestamp="2018-07-08T01:56:09.717Z" objectType="Mutex" isCreate="true" name="\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex!BOX_6"/>
  77.  
  78. <activity type="KernelObject" id="103" timestamp="2018-07-08T01:56:09.734Z" objectType="Mutex" isCreate="true" name="\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex!BOX_6"/>
  79.  
  80. <activity type="KernelObject" id="112" timestamp="2018-07-08T01:56:09.927Z" objectType="Section" isCreate="true" name="\KnownDlls32\DNSAPI.dll"/>
  81.  
  82. <activity type="DnsQuery" id="114" timestamp="2018-07-08T01:56:10.018Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="h1.ripway.com"/>
  83.  
  84. <activity type="KernelObject" id="116" timestamp="2018-07-08T01:56:10.127Z" objectType="Section" isCreate="true" name="\KnownDlls32\rasadhlp.dll"/>
  85.  
  86. <activity type="KernelObject" id="118" timestamp="2018-07-08T01:56:10.266Z" objectType="Section" isCreate="true" name="\KnownDlls32\fwpuclnt.dll"/>
  87.  
  88. <activity type="KernelObject" id="120" timestamp="2018-07-08T01:56:10.298Z" objectType="Section" isCreate="true" name="\KnownDlls32\bcrypt.dll"/>
  89.  
  90. <activity type="UrlRequest" id="122" timestamp="2018-07-08T01:56:10.378Z" action="0" request="199.59.242.150"/>
  91.  
  92. <activity dir="OUT" type="NetworkPackage" id="123" timestamp="2018-07-08T01:56:10.503Z" data="474554202F617364623030302F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  93.  
  94. <activity type="UrlRequest" id="124" timestamp="2018-07-08T01:56:10.503Z" action="0" request="h1.ripway.com"/>
  95.  
  96. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="125" timestamp="2018-07-08T01:56:10.753Z" pattern=""/>
  97.  
  98. <activity type="DnsQuery" id="138" timestamp="2018-07-08T01:56:10.766Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu000.0catch.com"/>
  99.  
  100. <activity type="UrlRequest" id="140" timestamp="2018-07-08T01:56:11.163Z" action="0" request="141.8.230.97"/>
  101.  
  102. <activity dir="OUT" type="NetworkPackage" id="141" timestamp="2018-07-08T01:56:11.358Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030302E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  103.  
  104. <activity type="UrlRequest" id="142" timestamp="2018-07-08T01:56:11.358Z" action="0" request="www.balu000.0catch.com"/>
  105.  
  106. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="143" timestamp="2018-07-08T01:56:11.573Z" pattern=""/>
  107.  
  108. <activity type="UrlRequest" id="156" timestamp="2018-07-08T01:56:11.573Z" action="0" request="199.59.242.150"/>
  109.  
  110. <activity dir="OUT" type="NetworkPackage" id="157" timestamp="2018-07-08T01:56:11.716Z" data="474554202F617364623030322F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  111.  
  112. <activity type="UrlRequest" id="158" timestamp="2018-07-08T01:56:11.716Z" action="0" request="h1.ripway.com"/>
  113.  
  114. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="159" timestamp="2018-07-08T01:56:11.824Z" pattern=""/>
  115.  
  116. <activity type="DnsQuery" id="172" timestamp="2018-07-08T01:56:11.855Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu001.0catch.com"/>
  117.  
  118. <activity type="UrlRequest" id="174" timestamp="2018-07-08T01:56:12.241Z" action="0" request="141.8.230.97"/>
  119.  
  120. <activity dir="OUT" type="NetworkPackage" id="175" timestamp="2018-07-08T01:56:12.430Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030312E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  121.  
  122. <activity type="UrlRequest" id="176" timestamp="2018-07-08T01:56:12.430Z" action="0" request="www.balu001.0catch.com"/>
  123.  
  124. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="177" timestamp="2018-07-08T01:56:12.662Z" pattern=""/>
  125.  
  126. <activity type="UrlRequest" id="190" timestamp="2018-07-08T01:56:12.662Z" action="0" request="199.59.242.150"/>
  127.  
  128. <activity dir="OUT" type="NetworkPackage" id="191" timestamp="2018-07-08T01:56:12.786Z" data="474554202F617364623030342F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  129.  
  130. <activity type="UrlRequest" id="192" timestamp="2018-07-08T01:56:12.786Z" action="0" request="h1.ripway.com"/>
  131.  
  132. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="193" timestamp="2018-07-08T01:56:12.933Z" pattern=""/>
  133.  
  134. <activity type="DnsQuery" id="206" timestamp="2018-07-08T01:56:12.933Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu002.0catch.com"/>
  135.  
  136. <activity type="UrlRequest" id="208" timestamp="2018-07-08T01:56:13.360Z" action="0" request="141.8.230.97"/>
  137.  
  138. <activity dir="OUT" type="NetworkPackage" id="209" timestamp="2018-07-08T01:56:13.525Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030322E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  139.  
  140. <activity type="UrlRequest" id="210" timestamp="2018-07-08T01:56:13.525Z" action="0" request="www.balu002.0catch.com"/>
  141.  
  142. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="211" timestamp="2018-07-08T01:56:13.752Z" pattern=""/>
  143.  
  144. <activity type="UrlRequest" id="224" timestamp="2018-07-08T01:56:13.752Z" action="0" request="199.59.242.150"/>
  145.  
  146. <activity dir="OUT" type="NetworkPackage" id="225" timestamp="2018-07-08T01:56:13.886Z" data="474554202F617364623030362F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  147.  
  148. <activity type="UrlRequest" id="226" timestamp="2018-07-08T01:56:13.886Z" action="0" request="h1.ripway.com"/>
  149.  
  150. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="227" timestamp="2018-07-08T01:56:14.008Z" pattern=""/>
  151.  
  152. <activity type="DnsQuery" id="240" timestamp="2018-07-08T01:56:14.023Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu003.0catch.com"/>
  153.  
  154. <activity type="UrlRequest" id="242" timestamp="2018-07-08T01:56:14.208Z" action="0" request="141.8.230.97"/>
  155.  
  156. <activity dir="OUT" type="NetworkPackage" id="243" timestamp="2018-07-08T01:56:14.394Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030332E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  157.  
  158. <activity type="UrlRequest" id="244" timestamp="2018-07-08T01:56:14.394Z" action="0" request="www.balu003.0catch.com"/>
  159.  
  160. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="245" timestamp="2018-07-08T01:56:14.589Z" pattern=""/>
  161.  
  162. <activity type="UrlRequest" id="260" timestamp="2018-07-08T01:56:14.589Z" action="0" request="199.59.242.150"/>
  163.  
  164. <activity dir="OUT" type="NetworkPackage" id="261" timestamp="2018-07-08T01:56:14.730Z" data="474554202F617364623030382F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  165.  
  166. <activity type="UrlRequest" id="262" timestamp="2018-07-08T01:56:14.730Z" action="0" request="h1.ripway.com"/>
  167.  
  168. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="263" timestamp="2018-07-08T01:56:14.868Z" pattern=""/>
  169.  
  170. <activity type="DnsQuery" id="276" timestamp="2018-07-08T01:56:14.880Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu004.0catch.com"/>
  171.  
  172. <activity type="UrlRequest" id="278" timestamp="2018-07-08T01:56:15.282Z" action="0" request="141.8.230.97"/>
  173.  
  174. <activity dir="OUT" type="NetworkPackage" id="279" timestamp="2018-07-08T01:56:15.477Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030342E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  175.  
  176. <activity type="UrlRequest" id="280" timestamp="2018-07-08T01:56:15.477Z" action="0" request="www.balu004.0catch.com"/>
  177.  
  178. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="281" timestamp="2018-07-08T01:56:15.668Z" pattern=""/>
  179.  
  180. <activity type="UrlRequest" id="294" timestamp="2018-07-08T01:56:15.668Z" action="0" request="199.59.242.150"/>
  181.  
  182. <activity dir="OUT" type="NetworkPackage" id="295" timestamp="2018-07-08T01:56:15.818Z" data="474554202F617364623031302F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  183.  
  184. <activity type="UrlRequest" id="296" timestamp="2018-07-08T01:56:15.818Z" action="0" request="h1.ripway.com"/>
  185.  
  186. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="297" timestamp="2018-07-08T01:56:15.954Z" pattern=""/>
  187.  
  188. <activity type="DnsQuery" id="310" timestamp="2018-07-08T01:56:15.954Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu005.0catch.com"/>
  189.  
  190. <activity type="UrlRequest" id="312" timestamp="2018-07-08T01:56:16.174Z" action="0" request="141.8.230.97"/>
  191.  
  192. <activity dir="OUT" type="NetworkPackage" id="313" timestamp="2018-07-08T01:56:16.372Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030352E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  193.  
  194. <activity type="UrlRequest" id="314" timestamp="2018-07-08T01:56:16.372Z" action="0" request="www.balu005.0catch.com"/>
  195.  
  196. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="315" timestamp="2018-07-08T01:56:16.558Z" pattern=""/>
  197.  
  198. <activity type="UrlRequest" id="328" timestamp="2018-07-08T01:56:16.558Z" action="0" request="199.59.242.150"/>
  199.  
  200. <activity dir="OUT" type="NetworkPackage" id="329" timestamp="2018-07-08T01:56:16.675Z" data="474554202F617364623031322F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  201.  
  202. <activity type="UrlRequest" id="330" timestamp="2018-07-08T01:56:16.675Z" action="0" request="h1.ripway.com"/>
  203.  
  204. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="331" timestamp="2018-07-08T01:56:16.831Z" pattern=""/>
  205.  
  206. <activity type="DnsQuery" id="344" timestamp="2018-07-08T01:56:16.831Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu006.0catch.com"/>
  207.  
  208. <activity type="UrlRequest" id="346" timestamp="2018-07-08T01:56:17.049Z" action="0" request="141.8.230.97"/>
  209.  
  210. <activity dir="OUT" type="NetworkPackage" id="347" timestamp="2018-07-08T01:56:17.260Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030362E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  211.  
  212. <activity type="UrlRequest" id="348" timestamp="2018-07-08T01:56:17.260Z" action="0" request="www.balu006.0catch.com"/>
  213.  
  214. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="349" timestamp="2018-07-08T01:56:17.450Z" pattern=""/>
  215.  
  216. <activity type="UrlRequest" id="362" timestamp="2018-07-08T01:56:17.474Z" action="0" request="199.59.242.150"/>
  217.  
  218. <activity dir="OUT" type="NetworkPackage" id="363" timestamp="2018-07-08T01:56:17.591Z" data="474554202F617364623031342F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  219.  
  220. <activity type="UrlRequest" id="364" timestamp="2018-07-08T01:56:17.591Z" action="0" request="h1.ripway.com"/>
  221.  
  222. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="365" timestamp="2018-07-08T01:56:17.730Z" pattern=""/>
  223.  
  224. <activity type="DnsQuery" id="378" timestamp="2018-07-08T01:56:17.730Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu007.0catch.com"/>
  225.  
  226. <activity type="UrlRequest" id="380" timestamp="2018-07-08T01:56:18.002Z" action="0" request="141.8.230.97"/>
  227.  
  228. <activity dir="OUT" type="NetworkPackage" id="381" timestamp="2018-07-08T01:56:18.203Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030372E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  229.  
  230. <activity type="UrlRequest" id="382" timestamp="2018-07-08T01:56:18.203Z" action="0" request="www.balu007.0catch.com"/>
  231.  
  232. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="383" timestamp="2018-07-08T01:56:18.400Z" pattern=""/>
  233.  
  234. <activity type="UrlRequest" id="396" timestamp="2018-07-08T01:56:18.400Z" action="0" request="199.59.242.150"/>
  235.  
  236. <activity dir="OUT" type="NetworkPackage" id="397" timestamp="2018-07-08T01:56:18.534Z" data="474554202F617364623031362F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  237.  
  238. <activity type="UrlRequest" id="398" timestamp="2018-07-08T01:56:18.534Z" action="0" request="h1.ripway.com"/>
  239.  
  240. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="399" timestamp="2018-07-08T01:56:18.664Z" pattern=""/>
  241.  
  242. <activity type="DnsQuery" id="412" timestamp="2018-07-08T01:56:18.664Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu008.0catch.com"/>
  243.  
  244. <activity type="UrlRequest" id="414" timestamp="2018-07-08T01:56:18.684Z" action="0" request="141.8.230.97"/>
  245.  
  246. <activity dir="OUT" type="NetworkPackage" id="415" timestamp="2018-07-08T01:56:18.868Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030382E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  247.  
  248. <activity type="UrlRequest" id="416" timestamp="2018-07-08T01:56:18.868Z" action="0" request="www.balu008.0catch.com"/>
  249.  
  250. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="417" timestamp="2018-07-08T01:56:19.071Z" pattern=""/>
  251.  
  252. <activity path="C:\Users\test\Desktop\autorun.ini" type="CreateFile" id="420" timestamp="2018-07-08T01:56:02.256Z"/>
  253.  
  254. <activity path="C:\Users\test\Desktop\autorun.ini" type="ModifyFile" id="421" timestamp="2018-07-08T01:56:02.256Z"/>
  255.  
  256. <activity path="C:\Users\test\Desktop\autorun.ini" type="AttributesFile" id="424" timestamp="2018-07-08T01:56:02.320Z" newAttr="000000A7" oldAttr="00000020"/>
  257.  
  258. <activity path="C:\Windows\SysWOW64\iertutil.dll" type="LoadImageFile" id="426" timestamp="2018-07-08T01:56:02.320Z"/>
  259.  
  260. <activity type="UrlRequest" id="430" timestamp="2018-07-08T01:56:19.071Z" action="0" request="199.59.242.150"/>
  261.  
  262. <activity dir="OUT" type="NetworkPackage" id="431" timestamp="2018-07-08T01:56:19.218Z" data="474554202F617364623031382F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A2068312E7269707761792E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="102"/>
  263.  
  264. <activity type="UrlRequest" id="432" timestamp="2018-07-08T01:56:19.218Z" action="0" request="h1.ripway.com"/>
  265.  
  266. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="433" timestamp="2018-07-08T01:56:19.348Z" pattern=""/>
  267.  
  268. <activity type="DnsQuery" id="448" timestamp="2018-07-08T01:56:19.348Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu009.0catch.com"/>
  269.  
  270. <activity type="UrlRequest" id="450" timestamp="2018-07-08T01:56:19.370Z" action="0" request="141.8.230.97"/>
  271.  
  272. <activity dir="OUT" type="NetworkPackage" id="451" timestamp="2018-07-08T01:56:19.565Z" data="474554202F7365742F73657474696E672E696E6920485454502F312E310D0A557365722D4167656E743A204175746F49740D0A486F73743A207777772E62616C753030392E3063617463682E636F6D0D0A43616368652D436F6E74726F6C3A206E6F2D63616368650D0A0D" size="107"/>
  273.  
  274. <activity type="UrlRequest" id="452" timestamp="2018-07-08T01:56:19.565Z" action="0" request="www.balu009.0catch.com"/>
  275.  
  276. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="453" timestamp="2018-07-08T01:56:19.759Z" pattern=""/>
  277.  
  278. <activity type="UrlRequest" id="466" timestamp="2018-07-08T01:56:19.759Z" action="0" request="199.59.242.150"/>
  279.  
  280. <activity type="UrlRequest" id="467" timestamp="2018-07-08T01:56:19.894Z" action="0" request="h1.ripway.com"/>
  281.  
  282. <activity path="C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll" type="LoadImageFile" id="467" timestamp="2018-07-08T01:56:09.018Z"/>
  283.  
  284. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="468" timestamp="2018-07-08T01:56:20.034Z" pattern=""/>
  285.  
  286. <activity path="C:\Windows\SysWOW64\IPHLPAPI.DLL" type="LoadImageFile" id="468" timestamp="2018-07-08T01:56:09.018Z"/>
  287.  
  288. <activity path="C:\Windows\SysWOW64\winhttp.dll" type="LoadImageFile" id="469" timestamp="2018-07-08T01:56:09.018Z"/>
  289.  
  290. <activity path="C:\Windows\SysWOW64\mswsock.dll" type="LoadImageFile" id="470" timestamp="2018-07-08T01:56:09.095Z"/>
  291.  
  292. <activity path="C:\Windows\SysWOW64\winnsi.dll" type="LoadImageFile" id="473" timestamp="2018-07-08T01:56:09.131Z"/>
  293.  
  294. <activity path="C:\Windows\SysWOW64\urlmon.dll" type="LoadImageFile" id="474" timestamp="2018-07-08T01:56:09.717Z"/>
  295.  
  296. <activity type="DnsQuery" id="481" timestamp="2018-07-08T01:56:20.034Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu010.0catch.com"/>
  297.  
  298. <activity type="UrlRequest" id="483" timestamp="2018-07-08T01:56:20.034Z" action="0" request="141.8.230.97"/>
  299.  
  300. <activity type="UrlRequest" id="484" timestamp="2018-07-08T01:56:20.235Z" action="0" request="www.balu010.0catch.com"/>
  301.  
  302. <activity path="C:\Windows\SysWOW64\dnsapi.dll" type="LoadImageFile" id="484" timestamp="2018-07-08T01:56:09.927Z"/>
  303.  
  304. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="485" timestamp="2018-07-08T01:56:20.438Z" pattern=""/>
  305.  
  306. <activity path="C:\Windows\SysWOW64\rasadhlp.dll" type="LoadImageFile" id="485" timestamp="2018-07-08T01:56:10.104Z"/>
  307.  
  308. <activity path="C:\Windows\SysWOW64\FWPUCLNT.DLL" type="LoadImageFile" id="488" timestamp="2018-07-08T01:56:10.245Z"/>
  309.  
  310. <activity path="C:\Windows\SysWOW64\bcrypt.dll" type="LoadImageFile" id="491" timestamp="2018-07-08T01:56:10.298Z"/>
  311.  
  312. <activity path="C:\Windows\SysWOW64\de-DE\mswsock.dll.mui" type="LoadImageFile" id="492" timestamp="2018-07-08T01:56:10.361Z"/>
  313.  
  314. <activity path="C:\Windows\SysWOW64\wshqos.dll" type="LoadImageFile" id="493" timestamp="2018-07-08T01:56:10.361Z"/>
  315.  
  316. <activity path="C:\Windows\SysWOW64\de-DE\wshqos.dll.mui" type="LoadImageFile" id="494" timestamp="2018-07-08T01:56:10.361Z"/>
  317.  
  318. <activity type="UrlRequest" id="498" timestamp="2018-07-08T01:56:20.438Z" action="0" request="199.59.242.150"/>
  319.  
  320. <activity type="UrlRequest" id="499" timestamp="2018-07-08T01:56:20.583Z" action="0" request="h1.ripway.com"/>
  321.  
  322. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="500" timestamp="2018-07-08T01:56:20.714Z" pattern=""/>
  323.  
  324. <activity type="SetValueKey" id="501" timestamp="2018-07-08T01:56:10.618Z" regValData="" regValType="REG_SZ" regValName="CachePrefix" regKey="S-1-5-21-453016989-2104760686-205888670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content"/>
  325.  
  326. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="504" timestamp="2018-07-08T01:56:10.753Z"/>
  327.  
  328. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="505" timestamp="2018-07-08T01:56:10.753Z"/>
  329.  
  330. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="506" timestamp="2018-07-08T01:56:11.824Z"/>
  331.  
  332. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="507" timestamp="2018-07-08T01:56:11.824Z"/>
  333.  
  334. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="508" timestamp="2018-07-08T01:56:12.933Z"/>
  335.  
  336. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="509" timestamp="2018-07-08T01:56:12.933Z"/>
  337.  
  338. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="510" timestamp="2018-07-08T01:56:14.008Z"/>
  339.  
  340. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="511" timestamp="2018-07-08T01:56:14.008Z"/>
  341.  
  342. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="512" timestamp="2018-07-08T01:56:14.868Z"/>
  343.  
  344. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="513" timestamp="2018-07-08T01:56:14.868Z"/>
  345.  
  346. <activity type="DnsQuery" id="513" timestamp="2018-07-08T01:56:20.714Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu011.0catch.com"/>
  347.  
  348. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="514" timestamp="2018-07-08T01:56:15.954Z"/>
  349.  
  350. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="515" timestamp="2018-07-08T01:56:15.954Z"/>
  351.  
  352. <activity type="UrlRequest" id="515" timestamp="2018-07-08T01:56:21.117Z" action="0" request="141.8.230.97"/>
  353.  
  354. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="516" timestamp="2018-07-08T01:56:16.831Z"/>
  355.  
  356. <activity type="UrlRequest" id="516" timestamp="2018-07-08T01:56:21.312Z" action="0" request="www.balu011.0catch.com"/>
  357.  
  358. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="517" timestamp="2018-07-08T01:56:16.831Z"/>
  359.  
  360. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="517" timestamp="2018-07-08T01:56:21.500Z" pattern=""/>
  361.  
  362. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="518" timestamp="2018-07-08T01:56:17.730Z"/>
  363.  
  364. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="519" timestamp="2018-07-08T01:56:17.730Z"/>
  365.  
  366. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="520" timestamp="2018-07-08T01:56:18.664Z"/>
  367.  
  368. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="521" timestamp="2018-07-08T01:56:18.664Z"/>
  369.  
  370. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="522" timestamp="2018-07-08T01:56:19.348Z"/>
  371.  
  372. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="523" timestamp="2018-07-08T01:56:19.348Z"/>
  373.  
  374. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="524" timestamp="2018-07-08T01:56:20.034Z"/>
  375.  
  376. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="525" timestamp="2018-07-08T01:56:20.034Z"/>
  377.  
  378. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="526" timestamp="2018-07-08T01:56:20.714Z"/>
  379.  
  380. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="527" timestamp="2018-07-08T01:56:20.714Z"/>
  381.  
  382. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="528" timestamp="2018-07-08T01:56:21.777Z"/>
  383.  
  384. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="529" timestamp="2018-07-08T01:56:21.777Z"/>
  385.  
  386. <activity type="UrlRequest" id="530" timestamp="2018-07-08T01:56:21.500Z" action="0" request="199.59.242.150"/>
  387.  
  388. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="530" timestamp="2018-07-08T01:56:22.397Z"/>
  389.  
  390. <activity type="UrlRequest" id="531" timestamp="2018-07-08T01:56:21.641Z" action="0" request="h1.ripway.com"/>
  391.  
  392. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="531" timestamp="2018-07-08T01:56:22.397Z"/>
  393.  
  394. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="532" timestamp="2018-07-08T01:56:21.777Z" pattern=""/>
  395.  
  396. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="532" timestamp="2018-07-08T01:56:23.175Z"/>
  397.  
  398. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="533" timestamp="2018-07-08T01:56:23.175Z"/>
  399.  
  400. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="534" timestamp="2018-07-08T01:56:24.164Z"/>
  401.  
  402. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="535" timestamp="2018-07-08T01:56:24.164Z"/>
  403.  
  404. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="536" timestamp="2018-07-08T01:56:24.765Z"/>
  405.  
  406. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="537" timestamp="2018-07-08T01:56:24.765Z"/>
  407.  
  408. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="538" timestamp="2018-07-08T01:56:25.597Z"/>
  409.  
  410. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="539" timestamp="2018-07-08T01:56:25.597Z"/>
  411.  
  412. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="540" timestamp="2018-07-08T01:56:26.202Z"/>
  413.  
  414. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="541" timestamp="2018-07-08T01:56:26.202Z"/>
  415.  
  416. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="542" timestamp="2018-07-08T01:56:26.837Z"/>
  417.  
  418. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="543" timestamp="2018-07-08T01:56:26.837Z"/>
  419.  
  420. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="544" timestamp="2018-07-08T01:56:27.461Z"/>
  421.  
  422. <activity type="DnsQuery" id="545" timestamp="2018-07-08T01:56:21.777Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu012.0catch.com"/>
  423.  
  424. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="545" timestamp="2018-07-08T01:56:27.461Z"/>
  425.  
  426. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="546" timestamp="2018-07-08T01:56:28.261Z"/>
  427.  
  428. <activity type="UrlRequest" id="547" timestamp="2018-07-08T01:56:21.803Z" action="0" request="141.8.230.97"/>
  429.  
  430. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="547" timestamp="2018-07-08T01:56:28.261Z"/>
  431.  
  432. <activity type="UrlRequest" id="548" timestamp="2018-07-08T01:56:21.979Z" action="0" request="www.balu012.0catch.com"/>
  433.  
  434. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="548" timestamp="2018-07-08T01:56:29.088Z"/>
  435.  
  436. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="549" timestamp="2018-07-08T01:56:22.140Z" pattern=""/>
  437.  
  438. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="549" timestamp="2018-07-08T01:56:29.088Z"/>
  439.  
  440. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="550" timestamp="2018-07-08T01:56:29.697Z"/>
  441.  
  442. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="551" timestamp="2018-07-08T01:56:29.697Z"/>
  443.  
  444. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="552" timestamp="2018-07-08T01:56:30.313Z"/>
  445.  
  446. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="553" timestamp="2018-07-08T01:56:30.313Z"/>
  447.  
  448. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="CreateFile" id="554" timestamp="2018-07-08T01:56:31.119Z"/>
  449.  
  450. <activity path="C:\Users\test\AppData\Local\Microsoft\Windows\INetCache\IE\CPIHARVY\setting[1].htm" type="DeleteFile" id="555" timestamp="2018-07-08T01:56:31.119Z"/>
  451.  
  452. <activity type="UrlRequest" id="562" timestamp="2018-07-08T01:56:22.140Z" action="0" request="199.59.242.150"/>
  453.  
  454. <activity type="UrlRequest" id="563" timestamp="2018-07-08T01:56:22.261Z" action="0" request="h1.ripway.com"/>
  455.  
  456. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="564" timestamp="2018-07-08T01:56:22.397Z" pattern=""/>
  457.  
  458. <activity type="DnsQuery" id="577" timestamp="2018-07-08T01:56:22.397Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu013.0catch.com"/>
  459.  
  460. <activity type="UrlRequest" id="579" timestamp="2018-07-08T01:56:22.574Z" action="0" request="141.8.230.97"/>
  461.  
  462. <activity type="UrlRequest" id="580" timestamp="2018-07-08T01:56:22.757Z" action="0" request="www.balu013.0catch.com"/>
  463.  
  464. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="581" timestamp="2018-07-08T01:56:22.939Z" pattern=""/>
  465.  
  466. <activity type="UrlRequest" id="594" timestamp="2018-07-08T01:56:22.939Z" action="0" request="199.59.242.150"/>
  467.  
  468. <activity type="UrlRequest" id="595" timestamp="2018-07-08T01:56:23.059Z" action="0" request="h1.ripway.com"/>
  469.  
  470. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="596" timestamp="2018-07-08T01:56:23.175Z" pattern=""/>
  471.  
  472. <activity type="DnsQuery" id="609" timestamp="2018-07-08T01:56:23.175Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu014.0catch.com"/>
  473.  
  474. <activity path="C:\Windows\SysWOW64\de-DE\KernelBase.dll.mui" type="LoadImageFile" id="611" timestamp="2018-07-08T01:56:37.595Z"/>
  475.  
  476. <activity type="UrlRequest" id="611" timestamp="2018-07-08T01:56:23.558Z" action="0" request="141.8.230.97"/>
  477.  
  478. <activity type="CreateKey" id="612" timestamp="2018-07-08T01:56:37.595Z" regKey="\Registry\User\S-1-5-21-453016989-2104760686-205888670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares"/>
  479.  
  480. <activity type="UrlRequest" id="612" timestamp="2018-07-08T01:56:23.741Z" action="0" request="www.balu014.0catch.com"/>
  481.  
  482. <activity type="SetValueKey" id="613" timestamp="2018-07-08T01:56:37.595Z" regValData="\New Folder.exe" regValType="REG_SZ" regValName="shared" regKey="S-1-5-21-453016989-2104760686-205888670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares"/>
  483.  
  484. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="613" timestamp="2018-07-08T01:56:23.922Z" pattern=""/>
  485.  
  486. <activity type="UrlRequest" id="628" timestamp="2018-07-08T01:56:23.922Z" action="0" request="199.59.242.150"/>
  487.  
  488. <activity type="UrlRequest" id="629" timestamp="2018-07-08T01:56:24.045Z" action="0" request="h1.ripway.com"/>
  489.  
  490. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="630" timestamp="2018-07-08T01:56:24.164Z" pattern=""/>
  491.  
  492. <activity type="DnsQuery" id="643" timestamp="2018-07-08T01:56:24.164Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu015.0catch.com"/>
  493.  
  494. <activity type="UrlRequest" id="645" timestamp="2018-07-08T01:56:24.180Z" action="0" request="141.8.230.97"/>
  495.  
  496. <activity type="UrlRequest" id="646" timestamp="2018-07-08T01:56:24.340Z" action="0" request="www.balu015.0catch.com"/>
  497.  
  498. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="647" timestamp="2018-07-08T01:56:24.539Z" pattern=""/>
  499.  
  500. <activity type="UrlRequest" id="660" timestamp="2018-07-08T01:56:24.539Z" action="0" request="199.59.242.150"/>
  501.  
  502. <activity type="UrlRequest" id="661" timestamp="2018-07-08T01:56:24.655Z" action="0" request="h1.ripway.com"/>
  503.  
  504. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="662" timestamp="2018-07-08T01:56:24.765Z" pattern=""/>
  505.  
  506. <activity type="DnsQuery" id="675" timestamp="2018-07-08T01:56:24.783Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu016.0catch.com"/>
  507.  
  508. <activity type="UrlRequest" id="677" timestamp="2018-07-08T01:56:24.987Z" action="0" request="141.8.230.97"/>
  509.  
  510. <activity type="UrlRequest" id="678" timestamp="2018-07-08T01:56:25.166Z" action="0" request="www.balu016.0catch.com"/>
  511.  
  512. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="679" timestamp="2018-07-08T01:56:25.340Z" pattern=""/>
  513.  
  514. <activity type="UrlRequest" id="692" timestamp="2018-07-08T01:56:25.354Z" action="0" request="199.59.242.150"/>
  515.  
  516. <activity type="UrlRequest" id="693" timestamp="2018-07-08T01:56:25.462Z" action="0" request="h1.ripway.com"/>
  517.  
  518. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="694" timestamp="2018-07-08T01:56:25.597Z" pattern=""/>
  519.  
  520. <activity type="DnsQuery" id="707" timestamp="2018-07-08T01:56:25.597Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu017.0catch.com"/>
  521.  
  522. <activity type="UrlRequest" id="709" timestamp="2018-07-08T01:56:25.597Z" action="0" request="141.8.230.97"/>
  523.  
  524. <activity type="UrlRequest" id="710" timestamp="2018-07-08T01:56:25.794Z" action="0" request="www.balu017.0catch.com"/>
  525.  
  526. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="711" timestamp="2018-07-08T01:56:25.967Z" pattern=""/>
  527.  
  528. <activity type="UrlRequest" id="724" timestamp="2018-07-08T01:56:25.967Z" action="0" request="199.59.242.150"/>
  529.  
  530. <activity type="UrlRequest" id="725" timestamp="2018-07-08T01:56:26.083Z" action="0" request="h1.ripway.com"/>
  531.  
  532. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="726" timestamp="2018-07-08T01:56:26.212Z" pattern=""/>
  533.  
  534. <activity type="DnsQuery" id="739" timestamp="2018-07-08T01:56:26.212Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu018.0catch.com"/>
  535.  
  536. <activity type="UrlRequest" id="741" timestamp="2018-07-08T01:56:26.221Z" action="0" request="141.8.230.97"/>
  537.  
  538. <activity type="UrlRequest" id="742" timestamp="2018-07-08T01:56:26.409Z" action="0" request="www.balu018.0catch.com"/>
  539.  
  540. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="743" timestamp="2018-07-08T01:56:26.591Z" pattern=""/>
  541.  
  542. <activity type="UrlRequest" id="756" timestamp="2018-07-08T01:56:26.608Z" action="0" request="199.59.242.150"/>
  543.  
  544. <activity type="UrlRequest" id="757" timestamp="2018-07-08T01:56:26.715Z" action="0" request="h1.ripway.com"/>
  545.  
  546. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="758" timestamp="2018-07-08T01:56:26.837Z" pattern=""/>
  547.  
  548. <activity type="DnsQuery" id="771" timestamp="2018-07-08T01:56:26.849Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu019.0catch.com"/>
  549.  
  550. <activity type="UrlRequest" id="773" timestamp="2018-07-08T01:56:26.863Z" action="0" request="141.8.230.97"/>
  551.  
  552. <activity type="UrlRequest" id="774" timestamp="2018-07-08T01:56:27.045Z" action="0" request="www.balu019.0catch.com"/>
  553.  
  554. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="775" timestamp="2018-07-08T01:56:27.213Z" pattern=""/>
  555.  
  556. <activity type="UrlRequest" id="788" timestamp="2018-07-08T01:56:27.213Z" action="0" request="199.59.242.150"/>
  557.  
  558. <activity type="UrlRequest" id="789" timestamp="2018-07-08T01:56:27.330Z" action="0" request="h1.ripway.com"/>
  559.  
  560. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="790" timestamp="2018-07-08T01:56:27.461Z" pattern=""/>
  561.  
  562. <activity type="DnsQuery" id="803" timestamp="2018-07-08T01:56:27.461Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu020.0catch.com"/>
  563.  
  564. <activity type="UrlRequest" id="805" timestamp="2018-07-08T01:56:27.666Z" action="0" request="141.8.230.97"/>
  565.  
  566. <activity type="UrlRequest" id="806" timestamp="2018-07-08T01:56:27.839Z" action="0" request="www.balu020.0catch.com"/>
  567.  
  568. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="807" timestamp="2018-07-08T01:56:27.993Z" pattern=""/>
  569.  
  570. <activity type="UrlRequest" id="822" timestamp="2018-07-08T01:56:28.025Z" action="0" request="199.59.242.150"/>
  571.  
  572. <activity type="UrlRequest" id="823" timestamp="2018-07-08T01:56:28.137Z" action="0" request="h1.ripway.com"/>
  573.  
  574. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="824" timestamp="2018-07-08T01:56:28.261Z" pattern=""/>
  575.  
  576. <activity type="DnsQuery" id="837" timestamp="2018-07-08T01:56:28.261Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu021.0catch.com"/>
  577.  
  578. <activity type="UrlRequest" id="839" timestamp="2018-07-08T01:56:28.472Z" action="0" request="141.8.230.97"/>
  579.  
  580. <activity type="UrlRequest" id="840" timestamp="2018-07-08T01:56:28.658Z" action="0" request="www.balu021.0catch.com"/>
  581.  
  582. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="841" timestamp="2018-07-08T01:56:28.842Z" pattern=""/>
  583.  
  584. <activity type="UrlRequest" id="854" timestamp="2018-07-08T01:56:28.842Z" action="0" request="199.59.242.150"/>
  585.  
  586. <activity type="UrlRequest" id="855" timestamp="2018-07-08T01:56:28.965Z" action="0" request="h1.ripway.com"/>
  587.  
  588. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="856" timestamp="2018-07-08T01:56:29.088Z" pattern=""/>
  589.  
  590. <activity type="DnsQuery" id="869" timestamp="2018-07-08T01:56:29.088Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu022.0catch.com"/>
  591.  
  592. <activity type="UrlRequest" id="871" timestamp="2018-07-08T01:56:29.100Z" action="0" request="141.8.230.97"/>
  593.  
  594. <activity type="UrlRequest" id="872" timestamp="2018-07-08T01:56:29.287Z" action="0" request="www.balu022.0catch.com"/>
  595.  
  596. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="873" timestamp="2018-07-08T01:56:29.453Z" pattern=""/>
  597.  
  598. <activity type="UrlRequest" id="886" timestamp="2018-07-08T01:56:29.453Z" action="0" request="199.59.242.150"/>
  599.  
  600. <activity type="UrlRequest" id="887" timestamp="2018-07-08T01:56:29.582Z" action="0" request="h1.ripway.com"/>
  601.  
  602. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="888" timestamp="2018-07-08T01:56:29.705Z" pattern=""/>
  603.  
  604. <activity type="DnsQuery" id="901" timestamp="2018-07-08T01:56:29.705Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu023.0catch.com"/>
  605.  
  606. <activity type="UrlRequest" id="903" timestamp="2018-07-08T01:56:29.722Z" action="0" request="141.8.230.97"/>
  607.  
  608. <activity type="UrlRequest" id="904" timestamp="2018-07-08T01:56:29.900Z" action="0" request="www.balu023.0catch.com"/>
  609.  
  610. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="905" timestamp="2018-07-08T01:56:30.077Z" pattern=""/>
  611.  
  612. <activity type="UrlRequest" id="918" timestamp="2018-07-08T01:56:30.077Z" action="0" request="199.59.242.150"/>
  613.  
  614. <activity type="UrlRequest" id="919" timestamp="2018-07-08T01:56:30.189Z" action="0" request="h1.ripway.com"/>
  615.  
  616. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="920" timestamp="2018-07-08T01:56:30.313Z" pattern=""/>
  617.  
  618. <activity type="DnsQuery" id="933" timestamp="2018-07-08T01:56:30.313Z" etherType="IPv4" ipAdr="0.0.0.0" domainName="www.balu024.0catch.com"/>
  619.  
  620. <activity type="UrlRequest" id="935" timestamp="2018-07-08T01:56:30.519Z" action="0" request="141.8.230.97"/>
  621.  
  622. <activity type="UrlRequest" id="936" timestamp="2018-07-08T01:56:30.706Z" action="0" request="www.balu024.0catch.com"/>
  623.  
  624. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="937" timestamp="2018-07-08T01:56:30.872Z" pattern=""/>
  625.  
  626. <activity type="UrlRequest" id="950" timestamp="2018-07-08T01:56:30.890Z" action="0" request="199.59.242.150"/>
  627.  
  628. <activity type="UrlRequest" id="951" timestamp="2018-07-08T01:56:31.005Z" action="0" request="h1.ripway.com"/>
  629.  
  630. <activity path="C:\Users\test\Desktop\setting.ini" type="FindFirstFileFailed" id="952" timestamp="2018-07-08T01:56:31.119Z" pattern=""/>
  631.  
  632. <activity path="c:\god.txt" type="FindFirstFileFailed" id="961" timestamp="2018-07-08T01:56:31.119Z" pattern=""/>
  633.  
  634. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="962" timestamp="2018-07-08T01:56:31.119Z" pattern=""/>
  635.  
  636. <activity path="c:\god.txt" type="FindFirstFileFailed" id="963" timestamp="2018-07-08T01:56:31.135Z" pattern=""/>
  637.  
  638. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="964" timestamp="2018-07-08T01:56:31.135Z" pattern=""/>
  639.  
  640. <activity path="c:\god.txt" type="FindFirstFileFailed" id="965" timestamp="2018-07-08T01:56:31.135Z" pattern=""/>
  641.  
  642. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="966" timestamp="2018-07-08T01:56:31.135Z" pattern=""/>
  643.  
  644. <activity path="C:\Windows\SysWOW64\cmd.exe" type="WriteProcessMemory" id="967" timestamp="2018-07-08T01:56:31.148Z" address="0x53d1e8"/>
  645.  
  646. <activity path="C:\Windows\SysWOW64\cmd.exe" pid="7912" type="OpenProcess" id="968" timestamp="2018-07-08T01:56:31.148Z"/>
  647.  
  648. <activity cmdline="C:\Windows\system32\cmd.exe /C cacls "C:\system volume information" /e /g "test":f" path="C:\Windows\system32\cmd.exe /C cacls "C:\system volume information" /e /g "test":f" type="CreateProcess" id="969" timestamp="2018-07-08T01:56:31.148Z" suspended="0"/>
  649.  
  650. <activity path="c:\god.txt" type="FindFirstFileFailed" id="970" timestamp="2018-07-08T01:56:33.886Z" pattern=""/>
  651.  
  652. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="971" timestamp="2018-07-08T01:56:33.886Z" pattern=""/>
  653.  
  654. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="972" timestamp="2018-07-08T01:56:35.254Z" pattern=""/>
  655.  
  656. <activity path="c:\god.txt" type="FindFirstFileFailed" id="973" timestamp="2018-07-08T01:56:35.254Z" pattern=""/>
  657.  
  658. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="974" timestamp="2018-07-08T01:56:35.254Z" pattern=""/>
  659.  
  660. <activity path="d:\New Folder.exe" type="FindFirstFileFailed" id="975" timestamp="2018-07-08T01:56:35.254Z" pattern=""/>
  661.  
  662. <activity path="d:\system3_.exe" type="FindFirstFileFailed" id="976" timestamp="2018-07-08T01:56:35.303Z" pattern=""/>
  663.  
  664. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="977" timestamp="2018-07-08T01:56:35.382Z" pattern=""/>
  665.  
  666. <activity path="d:\32Bit\32Bit.exe" type="FindFirstFileFailed" id="978" timestamp="2018-07-08T01:56:35.382Z" pattern=""/>
  667.  
  668. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="979" timestamp="2018-07-08T01:56:35.382Z" pattern=""/>
  669.  
  670. <activity path="d:\64Bit\64Bit.exe" type="FindFirstFileFailed" id="980" timestamp="2018-07-08T01:56:35.446Z" pattern=""/>
  671.  
  672. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="981" timestamp="2018-07-08T01:56:35.446Z" pattern=""/>
  673.  
  674. <activity path="d:\OS2\OS2.exe" type="FindFirstFileFailed" id="982" timestamp="2018-07-08T01:56:35.552Z" pattern=""/>
  675.  
  676. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="983" timestamp="2018-07-08T01:56:35.552Z" pattern=""/>
  677.  
  678. <activity path="d:\cert\cert.exe" type="FindFirstFileFailed" id="984" timestamp="2018-07-08T01:56:36.194Z" pattern=""/>
  679.  
  680. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="985" timestamp="2018-07-08T01:56:36.194Z" pattern=""/>
  681.  
  682. <activity path="e:\New Folder.exe" type="FindFirstFileFailed" id="986" timestamp="2018-07-08T01:56:36.345Z" pattern=""/>
  683.  
  684. <activity path="e:\system3_.exe" type="FindFirstFileFailed" id="987" timestamp="2018-07-08T01:56:36.387Z" pattern=""/>
  685.  
  686. <activity path="e:\autorun.inf" type="FindFirstFileFailed" id="988" timestamp="2018-07-08T01:56:36.413Z" pattern=""/>
  687.  
  688. <activity path="autorun.inf" type="FindFirstFileFailed" id="989" timestamp="2018-07-08T01:56:36.423Z" pattern=""/>
  689.  
  690. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="990" timestamp="2018-07-08T01:56:36.476Z" pattern=""/>
  691.  
  692. <activity path="e:\HitmanPro 3.8.0 Build 295 64-bit Pre-Activated\HitmanPro 3.8.0 Build 295 64-bit Pre-Activated.exe" type="FindFirstFileFailed" id="991" timestamp="2018-07-08T01:56:36.639Z" pattern=""/>
  693.  
  694. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="992" timestamp="2018-07-08T01:56:36.639Z" pattern=""/>
  695.  
  696. <activity path="e:\Scanner_Portable\Scanner_Portable.exe" type="FindFirstFileFailed" id="993" timestamp="2018-07-08T01:56:36.691Z" pattern=""/>
  697.  
  698. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="994" timestamp="2018-07-08T01:56:36.691Z" pattern=""/>
  699.  
  700. <activity path="e:\Scanner_Portable\Cache\Cache.exe" type="FindFirstFileFailed" id="995" timestamp="2018-07-08T01:56:36.698Z" pattern=""/>
  701.  
  702. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="996" timestamp="2018-07-08T01:56:36.698Z" pattern=""/>
  703.  
  704. <activity path="e:\Scanner_Portable\x64\x64.exe" type="FindFirstFileFailed" id="997" timestamp="2018-07-08T01:56:37.078Z" pattern=""/>
  705.  
  706. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="998" timestamp="2018-07-08T01:56:37.078Z" pattern=""/>
  707.  
  708. <activity path="e:\Scanner_Portable\x86\x86.exe" type="FindFirstFileFailed" id="999" timestamp="2018-07-08T01:56:37.137Z" pattern=""/>
  709.  
  710. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="1000" timestamp="2018-07-08T01:56:37.137Z" pattern=""/>
  711.  
  712. <activity path="f:\New Folder.exe" type="FindFirstFileFailed" id="1001" timestamp="2018-07-08T01:56:37.320Z" pattern=""/>
  713.  
  714. <activity path="f:\system3_.exe" type="FindFirstFileFailed" id="1002" timestamp="2018-07-08T01:56:37.345Z" pattern=""/>
  715.  
  716. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="1003" timestamp="2018-07-08T01:56:37.396Z" pattern=""/>
  717.  
  718. <activity path="c:\god.txt" type="FindFirstFileFailed" id="1005" timestamp="2018-07-08T01:56:37.595Z" pattern=""/>
  719.  
  720. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="1006" timestamp="2018-07-08T01:56:37.595Z" pattern=""/>
  721.  
  722. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="1007" timestamp="2018-07-08T01:56:37.595Z" pattern=""/>
  723.  
  724. <activity path="c:\god.txt" type="FindFirstFileFailed" id="1008" timestamp="2018-07-08T01:56:37.595Z" pattern=""/>
  725.  
  726. <activity path="c:\disk.txt" type="FindFirstFileFailed" id="15538" timestamp="2018-07-08T01:59:04.523Z" pattern=""/>
  727.  
  728. <activity path="c:\god.txt" type="FindFirstFileFailed" id="15539" timestamp="2018-07-08T01:59:04.523Z" pattern=""/>
  729.  
  730. <activity path="c:\debug.txt" type="FindFirstFileFailed" id="15540" timestamp="2018-07-08T01:59:04.523Z" pattern=""/>
  731.  
  732. <activity path="c:\god.txt" type="FindFirstFileFailed" id="15541" timestamp="2018-07-08T01:59:04.523Z" pattern=""/>
  733.  
  734. </activities>
  735.  
  736. </process>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top