[code] HitmanPro 3.7.9.246 www.hitmanpro.com Computer name . . . . : SOMIKO-52BD6CF3 Windows . . . . . . . : 5.1.3.2600.X86/2 User name . . . . . . : SOMIKO-52BD6CF3\User License . . . . . . . : Paid (255 days left) Scan date . . . . . . : 2015-10-13 11:14:12 Scan mode . . . . . . : Normal Scan duration . . . . : 6m 37s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 99 Traces . . . . . . . : 151 Objects scanned . . . : 453 794 Files scanned . . . . : 14 162 Remnants scanned . . : 104 151 files / 335 481 keys Malware _____________________________________________________________________ C:\Documents and Settings\User\Menu Start\Programy\Autostart\Empty.pif -> PendingDelete Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:18) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 128.0 Startup C:\Documents and Settings\User\Menu Start\Programy\Autostart\Empty.pif References HKU\S-1-5-21-861567501-1957994488-299502267-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\User\Menu Start\Programy\Autostart\Empty.pif C:\Documents and Settings\User\Moje dokumenty\AGIS\Settings\Settings.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 543.8 days (2014-04-17 15:07:19) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Compact Setup_Data\Compact Setup_Data.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . 
: 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\DiegoG3 Data\DiegoG3 Data.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Downloads\2000_XP_VISTA_7_2008\2000_XP_VISTA_7_2008.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Downloads\2000_XP_VISTA_7_2008\amd64\amd64.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Downloads\2000_XP_VISTA_7_2008\i386\i386.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . 
: Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Downloads\Downloads.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Downloads\LPiDiagnosticTool_V-2_2_0_4\LPiDiagnosticTool_V-2_2_0_4.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\LPGTECH\LPGTECH.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 346.9 days (2014-10-31 12:47:46) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Moja muzyka\Moja muzyka.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 105.0 C:\Documents and Settings\User\Moje dokumenty\Moje dokumenty.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Moje obrazy\Moje obrazy.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Moje wideo\Moje wideo.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\MultipointInj\ConfigLPG\ConfigLPG.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\MultipointInj\Documents\Documents.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . 
: 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\MultipointInj\Firmware\Firmware.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\MultipointInj\MultipointInj.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Pobieranie\Pobieranie.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Pobrane\Pobrane.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 410.6 days (2014-08-28 19:44:56) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 105.0 C:\Documents and Settings\User\Moje dokumenty\Sirocco Data\Sirocco Data.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Moje dokumenty\Zenit PRO Setup_Data\Zenit PRO Setup_Data.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:09:53) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 105.0 C:\Documents and Settings\User\Szablony\Brengkolang.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:18) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 113.0 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\csrss.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:13) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 120.0 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\inetinfo.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:13) Entropy . . . . . : 7.3 SHA-256 . . . . . 
: 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 113.0 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\lsass.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:13) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 Running processes : 1796 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 126.0 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\services.exe -> PendingDelete Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:13) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 Running processes : 1588 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 126.0 C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\smss.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:13) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 146.0 One or more antivirus vendors have indicated that the file is malicious. This file's reboot survivability is vigorously protected. This is typical to malware. Program is impersonating a common Windows system file. This is typical for malware. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. 
Uses the Windows Registry to run each time the user logs on. Program contains PE structure anomalies. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. Startup HKU\S-1-5-21-861567501-1957994488-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus References HKU\S-1-5-21-861567501-1957994488-299502267-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\smss.exe C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\winlogon.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1803.8 days (2010-11-04 16:52:17) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 Running processes : 792 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 126.0 C:\Program Files\COMPACT_1_51\BIN\compact.exe -> Quarantined Size . . . . . . . : 29 126 656 bytes Age . . . . . . . : 1202.9 days (2012-06-27 14:44:47) Entropy . . . . . : 0.9 SHA-256 . . . . . : D36B7E76E2F907FAFCB050CF6F9FFF1A30311187B140711E788E29812B2C0D0B Product . . . . . : Compact Publisher . . . . : Compact Version . . . . . : 1.51 LanguageID . . . . : 1033 > Kaspersky . . . . : HEUR:Trojan.Win32.Generic Fuzzy . . . . . . : 99.0 References C:\Documents and Settings\All Users\Menu Start\Programy\AGC SYSTEM 1.11\Software\COMPACT_1_51.lnk C:\Program Files\COMPACT_1_51\BIN\PrjCom.exe -> Quarantined Size . . . . . . . : 1 437 696 bytes Age . . . . . . . : 1202.9 days (2012-06-27 14:44:50) Entropy . . . . . : 3.2 SHA-256 . . . . . : 0D145C6E2889FE314534C6ECD2DBC0F4396E979D7665097FF487585EC6C338BE Product . . . . . 
: PrjCom Publisher . . . . : Autronic S.r.l. Version . . . . . : 1.00.0050 LanguageID . . . . : 1033 > G Data . . . . . . : Gen:Trojan.Heur.FU.xv0@aucuKsbi Fuzzy . . . . . . : 98.0 c:\PROGRA~1\WXDOWN~1\sprotector.dll -> Deleted Size . . . . . . . : 355 328 bytes Age . . . . . . . : 1104.6 days (2012-10-03 19:39:00) Entropy . . . . . : 8.0 SHA-256 . . . . . : 083BFD7DC73821B9B1D3E0F27F0596B7D9A02F532E5E168B3A3EFAEC72D46006 Product . . . . . : SProtector 1.66.1133 Description . . . : SProtector 1.66.1133 Version . . . . . : 1.66.1133 LanguageID . . . . : 1033 > G Data . . . . . . : Gen:Variant.Adware.BHO.Bprotector.1 > Bitdefender . . . : Gen:Variant.Adware.BHO.Bprotector.1 Fuzzy . . . . . . : 120.0 Startup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329399.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:29) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329396.ini -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329397.ini -3.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329398.ini 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329399.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329400.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329401.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329402.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329403.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329404.exe 5.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF760A.tmp 6.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329406.exe 6.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329407.com 6.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329408.scr 8.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF69BE.tmp 10.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF7EEF.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329400.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:29) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329401.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:29) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329402.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:29) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329403.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:29) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329404.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:29) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329406.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:35) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329407.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:35) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329408.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 2.9 days (2015-10-10 13:22:35) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -12.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329396.ini -11.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329397.ini -10.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329398.ini -6.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329399.exe -6.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329400.exe -6.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329401.exe -6.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329402.exe -6.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329403.exe -6.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329404.exe -0.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF760A.tmp -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329406.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329407.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329408.scr 2.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF69BE.tmp 4.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF7EEF.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:17) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -3.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 7.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 8.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:17) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -3.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 7.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 8.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:17) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -3.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp 4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 6.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 8.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:17) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -3.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp 4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 6.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 7.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 8.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:17) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -3.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe 4.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp 4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 6.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 7.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 8.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:17) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -3.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe 4.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp 4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 6.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 7.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 8.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:21) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -9.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -9.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -7.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe -4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe -4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe -0.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 2.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 2.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:21) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -9.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -9.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -7.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe -4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe -4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe -0.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr 2.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 2.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 1.0 days (2015-10-12 11:27:24) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -12.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329412.ini -11.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329413.ini -10.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329414.ini -7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329415.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329416.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329417.exe -7.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329418.exe -7.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329419.exe -7.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329420.exe -3.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF2C99.tmp -2.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329422.com -2.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329423.scr -0.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF1233.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329424.exe 1.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6D4F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:24) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -3.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -2.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe 5.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp 5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 5.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 7.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 9.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:25) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -3.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -2.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe 5.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp 5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 7.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 9.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:25) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -3.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -3.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe 4.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 7.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 8.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:25) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -3.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -3.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe 4.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 7.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 8.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:25) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -3.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -3.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe 4.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 7.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 8.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:25) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -3.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -3.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe 4.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 7.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 8.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:30) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -9.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -8.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -8.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe -0.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 2.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 3.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:30) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -9.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -8.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -8.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe -0.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 2.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 3.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:05:30) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -9.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329428.ini -8.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329429.ini -8.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329430.ini -5.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329431.exe -5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329432.exe -5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329433.exe -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329434.exe -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329435.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329436.exe -0.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF701E.tmp -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329438.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329439.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329440.scr 2.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5C97.tmp 3.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF682E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:23) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -3.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe 4.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 7.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 9.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:23) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -3.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe 4.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 7.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 9.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:23) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -4.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe 4.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 7.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 9.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:23) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -4.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe 4.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 7.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 9.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:23) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -4.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe 4.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 7.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 9.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:23) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -4.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe 4.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 7.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 9.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:28) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -9.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -9.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe -0.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 2.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:28) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -9.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -9.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe -0.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 2.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 4.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:14:28) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329444.ini -10.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329445.ini -9.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329446.ini -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329447.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329448.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329449.exe -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329450.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329451.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329452.exe -0.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5365.tmp -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329454.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329455.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0329456.scr 2.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5A65.tmp 4.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6CC5.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:01) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -4.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe 0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe 0.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe 4.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 7.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 8.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:01) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -4.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe 0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe 4.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 7.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 8.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:01) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -4.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe 0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe 4.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 7.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 8.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:02) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -4.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe 4.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 7.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 8.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:02) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -6.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp 4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 7.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 7.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 8.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:02) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -6.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -0.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe -0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 7.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 7.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 8.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:06) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -9.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -9.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe -0.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 2.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 2.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 3.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:06) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -10.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -9.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe -0.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr 2.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 2.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 3.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:32:09) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -13.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330478.ini -12.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330479.ini -11.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330480.ini -7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330481.exe -7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330482.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330483.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330484.exe -7.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330485.exe -7.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330486.exe -2.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6347.tmp -2.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330488.com -2.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330489.scr -0.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5560.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330490.exe 1.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF674F.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:47) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -4.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe 0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe 0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe 4.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 7.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 8.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:47) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -4.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 7.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 8.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:48) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -4.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 7.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 8.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:48) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -4.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe 4.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp 4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 7.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 7.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 8.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:48) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -6.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe 4.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 6.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 7.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 8.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:48) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -6.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -5.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe 4.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp 4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 6.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 7.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 8.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -9.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -9.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe -0.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 2.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 2.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 3.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:52) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -9.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -9.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe -0.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr 2.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 2.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 3.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 10:42:55) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -13.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330494.ini -12.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330495.ini -11.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330496.ini -7.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330497.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330498.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330499.exe -7.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330500.exe -7.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330501.exe -7.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330502.exe -3.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5070.tmp -2.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330504.com -2.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330505.scr -0.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5386.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330506.exe 1.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6F1E.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:41) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -4.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe 0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe 0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ 4.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 7.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 7.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 9.0s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:41) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -4.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe 0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe 0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ 4.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp 4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 7.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 7.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 8.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:41) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -5.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -4.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -0.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe 4.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ 4.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp 4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 7.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 7.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 8.8s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:41) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -6.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -4.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe 3.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp 4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 7.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 8.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:41) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -6.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe 3.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp 4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 7.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 8.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:41) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -6.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -5.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -4.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -0.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -0.3s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe -0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe 3.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ 4.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp 4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 7.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 8.6s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:46) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -9.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -8.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe -4.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe -4.5s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe -0.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ -0.4s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 2.7s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 2.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 4.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:46) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -10.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -10.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -9.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -5.1s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -5.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe -4.9s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe -4.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe -4.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe -0.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ -0.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp -0.2s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr 2.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 2.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 3.9s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 0.0 days (2015-10-13 11:05:49) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 115.0 Forensic Cluster -13.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330510.ini -12.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330511.ini -11.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330512.ini -7.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330513.exe -7.7s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330514.exe -7.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330515.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330516.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330517.exe -7.4s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330518.exe -3.5s C:\Documents and Settings\User\Ustawienia lokalne\Temp\WPDNSE\ -3.2s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5385.tmp -2.8s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330520.com -2.6s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330521.scr -0.1s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF5CF9.tmp 0.0s C:\System Volume Information\_restore{36122A21-458F-42BF-A8E3-0E35F3172769}\RP191\A0330522.exe 1.3s C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DF6FB6.tmp C:\WINDOWS\eksplorasi.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:13) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 143.0 Startup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell References HKU\S-1-5-21-861567501-1957994488-299502267-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\eksplorasi.exe C:\WINDOWS\ShellNew\sempalong.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:13) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 144.0 One or more antivirus vendors have indicated that the file is malicious. This file's reboot survivability is vigorously protected. This is typical to malware. The hidden file attribute bit is set. This is not common to most programs. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Uses the Windows Registry to run each time the user logs on. Program contains PE structure anomalies. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. Startup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus References HKU\S-1-5-21-861567501-1957994488-299502267-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\ShellNew\sempalong.exe C:\WINDOWS\system32\User's Setting.scr -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 555.7 days (2014-04-05 18:04:18) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . 
: 116.0 F:\HitmanPro\x86\x86.exe -> Deleted Size . . . . . . . : 42 687 bytes Age . . . . . . . : 35.1 days (2015-09-08 07:51:48) Entropy . . . . . : 7.3 SHA-256 . . . . . : 70D98B736C32160617E8E272C2F5B2C10C72789FE40E27EC16F94FFA09394CD7 > G Data . . . . . . : Worm.Generic.237277 > Bitdefender . . . : Worm.Generic.237277 > Kaspersky . . . . : Email-Worm.Win32.Brontok.tb Fuzzy . . . . . . : 113.0 References HKU\S-1-5-21-861567501-1957994488-299502267-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\F:\HitmanPro\x86\x86.exe Suspicious files ____________________________________________________________ C:\WINDOWS\system32\hasplms.exe Size . . . . . . . : 4 412 872 bytes Age . . . . . . . : 1034.0 days (2012-12-13 11:35:41) Entropy . . . . . : 7.6 SHA-256 . . . . . : 83BFF779018218B557853A7EE4F0D767B3E158C69BEB0864D8C0E1634277329E Product . . . . . : LDK License Manager Service Publisher . . . . : SafeNet Inc. Description . . . : Sentinel LDK License Manager Service Version . . . . . : 14.0.1.28295 Copyright . . . . : © 2012 SafeNet, Inc. All rights reserved. RSA Key Size . . . : 2048 Service . . . . . : hasplms LanguageID . . . . : 1033 Authenticode . . . : Valid Fuzzy . . . . . . : 28.0 The file name extension of this program is not common. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The Entry Point of this file lies in a resource section. This is an indication of malware infection. Program starts automatically without user intervention. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Starts automatically as a service during system bootup. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. 
Startup HKLM\SYSTEM\CurrentControlSet\Services\hasplms\ Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}\ (PCOptimizerPro) -> Deleted HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ (PCOptimizerPro) -> Deleted HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ (PCOptimizerPro) -> Deleted HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\ (PriceChop) -> Deleted Repairs _____________________________________________________________________ Opcje folderu HKU\S-1-5-21-861567501-1957994488-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions Edytor rejestru (regedit.exe) HKU\S-1-5-21-861567501-1957994488-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools Cookies _____________________________________________________________________ [/code]