General Info

File name

rechnungen.doc

Full analysis
https://app.any.run/tasks/167c7b07-91f3-4e65-b72c-29baa1294213
Verdict
Malicious activity
Analysis date
1/10/2019, 17:49:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
macros
macros-on-open
generated-doc
loader
ransomware
gandcrab
trojan
Indicators:

MIME:
application/msword
File info:
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Ghost, Template: Normal.dotm, Last Saved By: Ghost, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Jan 8 17:22:00 2019, Last Saved Time/Date: Tue Jan 8 17:22:00 2019, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0
MD5

444749249e358f3c67d0abc468b8349c

SHA1

ca3c9ca7ab17b1f7e6d5796449de7c90601b0a04

SHA256

d9c89e4f9100d4053cfc35f7c7fb9576fb4229e8049ce34cbec281f14a126621

SSDEEP

768:lY+1o93SK815S/FCOhpzJ9BRU/waOxjb3w+byp:lY+a93pO5KUOb/RUIaOpfW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Renames files like Ransomware
  • yeZjqHFMWjXi.exe (PID: 2892)
Deletes shadow copies
  • yeZjqHFMWjXi.exe (PID: 2892)
Dropped file may contain instructions of ransomware
  • yeZjqHFMWjXi.exe (PID: 2892)
Connects to CnC server
  • yeZjqHFMWjXi.exe (PID: 2892)
Application was dropped or rewritten from another process
  • yeZjqHFMWjXi.exe (PID: 2892)
Requests a remote executable file from MS Office
  • WINWORD.EXE (PID: 3008)
GandCrab keys found
  • yeZjqHFMWjXi.exe (PID: 2892)
Writes file to Word startup folder
  • yeZjqHFMWjXi.exe (PID: 2892)
Actions looks like stealing of personal data
  • yeZjqHFMWjXi.exe (PID: 2892)
Executable content was dropped or overwritten
  • WINWORD.EXE (PID: 3008)
Unusual execution from Microsoft Office
  • WINWORD.EXE (PID: 3008)
Creates files like Ransomware instruction
  • yeZjqHFMWjXi.exe (PID: 2892)
Reads the cookies of Mozilla Firefox
  • yeZjqHFMWjXi.exe (PID: 2892)
Unusual connect from Microsoft Office
  • WINWORD.EXE (PID: 3008)
Creates files in the user directory
  • yeZjqHFMWjXi.exe (PID: 2892)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 3008)
Creates files in the user directory
  • WINWORD.EXE (PID: 3008)
Dropped object may contain TOR URL's
  • yeZjqHFMWjXi.exe (PID: 2892)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.doc
|   Microsoft Word document (54.2%)
.doc
|   Microsoft Word document (old ver.) (32.2%)
EXIF
FlashPix
Title:
null
Subject:
null
Author:
Ghost
Keywords:
null
Comments:
null
Template:
Normal.dotm
LastModifiedBy:
Ghost
RevisionNumber:
1
Software:
Microsoft Office Word
TotalEditTime:
null
CreateDate:
2019:01:08 17:22:00
ModifyDate:
2019:01:08 17:22:00
Pages:
1
Words:
null
Characters:
null
Security:
None
CodePage:
Windows Latin 1 (Western European)
Company:
null
Lines:
null
Paragraphs:
null
CharCountWithSpaces:
null
AppVersion:
16
ScaleCrop:
No
LinksUpToDate:
No
SharedDoc:
No
HyperlinksChanged:
No
TitleOfParts:
null
HeadingPairs
null
null
CompObjUserTypeLen:
32
CompObjUserType:
Microsoft Word 97-2003 Document

Screenshots

Processes

Total processes
37
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

+
download and start start winword.exe #GANDCRAB yezjqhfmwjxi.exe wmic.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3008
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\rechnungen.doc"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\progra~1\common~1\micros~1\vba\vba7\vbe7.dll
c:\program files\microsoft office\office14\gkword.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sxs.dll
c:\progra~1\common~1\micros~1\vba\vba7\1033\vbe7intl.dll
c:\windows\system32\fm20.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\fm20enu.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\users\public\yezjqhfmwjxi.exe
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\prntvpt.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\microsoft office\office14\proof\1033\msgr3en.dll

PID
2892
CMD
C:\Users\Public\yeZjqHFMWjXi.exe
Path
C:\Users\Public\yeZjqHFMWjXi.exe
Indicators
Parent process
WINWORD.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Abbott Laboratories
Description
Succession Directoryshell
Version
Modules
Image
c:\users\public\yezjqhfmwjxi.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mpr.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\browcli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

PID
2616
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
No indicators
Parent process
yeZjqHFMWjXi.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147749908
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

Registry activity

Total events
1326
Read events
901
Write events
424
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3008
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
&.,
262E2C00C00B0000010000000000000000000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1311375383
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1311375504
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1311375505
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
C00B000020852C7D04A9D40100000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
?/,
3F2F2C00C00B000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
90,
39302C00C00B000006000000010000007200000002000000620000000400000063003A005C00750073006500720073005C00610064006D0069006E005C0061007000700064006100740061005C006C006F00630061006C005C00740065006D0070005C0072006500630068006E0075006E00670065006E002E0064006F006300000000000000
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
VBAFiles
1311375364
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{EF9E74D1-5A27-4722-9DA4-024AA1AB7EE5}
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\20ECF5
20ECF5
04000000C00B00003000000043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C0072006500630068006E0075006E00670065006E002E0064006F0063000E00000072006500630068006E0075006E00670065006E002E0064006F006300000000000100000000000000B8FB227D04A9D401F5EC2000F5EC200000000000DB040000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{204C2EAF-9E0F-4D25-A824-BA88781933A8}\2.0
Microsoft Forms 2.0 Object Library
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{204C2EAF-9E0F-4D25-A824-BA88781933A8}\2.0\FLAGS
6
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{204C2EAF-9E0F-4D25-A824-BA88781933A8}\2.0\0\win32
C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\TypeLib\{204C2EAF-9E0F-4D25-A824-BA88781933A8}\2.0\HELPDIR
C:\Users\admin\AppData\Local\Temp\VBE
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
Font
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
IDataAutoWrapper
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
IReturnInteger
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
IReturnBoolean
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
IReturnString
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
IReturnSingle
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
IReturnEffect
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
IControl
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
Controls
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
IOptionFrame
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
_UserForm
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
ControlEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
FormEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
OptionFrameEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
ILabelControl
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
ICommandButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
IMdcText
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
IMdcList
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
IMdcCombo
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
IMdcCheckBox
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
IMdcOptionButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
IMdcToggleButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
IScrollbar
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
Tab
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
Tabs
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
ITabStrip
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
ISpinbutton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
IImage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSubmitButton
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLImage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLReset
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLCheckbox
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLOption
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLText
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLHidden
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLPassword
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLSelect
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
IWHTMLTextArea
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
LabelControlEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
CommandButtonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
MdcTextEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
MdcListEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
MdcComboEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
MdcCheckBoxEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
MdcOptionButtonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
MdcToggleButtonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
ScrollbarEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
TabStripEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
SpinbuttonEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
ImageEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
WHTMLControlEvents
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents1
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents2
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents3
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents4
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents5
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents6
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents7
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents9
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
WHTMLControlEvents10
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
IPage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
Pages
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
IMultiPage
3008
WINWORD.EXE
write
HKEY_CLASSES_ROOT\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
MultiPageEvents
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1311375401
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1311375402
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1311375401
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1311375402
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375418
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375419
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1311375403
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1311375404
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1311375403
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1311375404
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375420
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375421
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375422
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375423
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375424
3008
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1311375425
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
3008
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
2892
yeZjqHFMWjXi.exe
write
HKEY_CURRENT_USER\Software\ex_data\data
ext
2E006C0076006400660070000000
2892
yeZjqHFMWjXi.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
public
0602000000A400005253413100080000010001008F01B9B6F7C5DEBD64BE3FE5012E658E3E0E0C2E56618A0A0D5FD988A2AD5AD96CF84E4E4DD5FC7AE349719369347589FB03B629C11B87CCCCC41B8B9246CCF5D3050FFC4E10961BA8DE713FB1D563F09093847420A506385D3213209EF941ED93DEE61CA905702D89175B519E5EEB5F0603681B1F446386A83DC893ED5D3B8E00803E928CF41A8EAB04989DC2A087B719727E8D3102C38231E8DE7450BE3750C10BE265019198EE31767592DDAFDF7F3E5DBBAA5551F410C7411BCFEAE11F98BDC81C14B437515AB8EDD8532CB0B548549797383315063834C6BE93538B0F0CF9B6AAFF4C3367DCD7693D3A1238093E854AC0D3AA800486BCA020F197133AA3
2892
yeZjqHFMWjXi.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
private
94040000B4850C6D12653E67DA845742A6E98D6600E96D198B8FB915A6FA2791598A0CAC026F3C9394D584AEBE2704A0D16DD46CCFF4617B804AE0FA8DAF45ABA94CCBC5216BA11EFD1234891607827A57DCD27489300C74C6847CB92E9511454CAE04EA12A8B84A22F828AADC19DFD10DB8BF2CE75F3C36D730E7A2E8C8BF3FC236540D548985FDDD9F90B44B896BC99333FF27AA9589D90145F9943A1FDED33769D7CED90729670D0710C8CACFAD834490773FA581BFC0EA268916A7CA489916245AED5D5632756AC676D34B32F1DFF1318561F746CA0CBA5A952BD821E7F78147CBD887E629E5252E78A449F5EAF2FEC5B28EC81C7B4A1D560EA3559E48F444C53E7512E82D213E94272EF4C13747E2494FE11C9FC0B0CC633D2811C345E2A869FE2B794A3101F88A300F9E3128AD4E0757B01D6F69DC3CEB0653546A2CE27D4BC7DB3DBD687395C9693A227B4F904B408529EBD2B4F51D556947B44A6504CE65B81FAB8394FB3B7289531A15A080B8BB27374A4DC0A6DED2A4914F7D91506AC8952F7C74C97D4632E6D854FB4599C7E08F9906CB91189BEEA5802081F9633692CC319292319255288C572C0E9BAF8BBA7F7AE0F5AD65FAEE214B949CC66663F2770EC3FA4BC16F083A9DD56588C0ABCE66E6FF31922FF9ED3D259358F3EC94C36DC82FF52715458F890870D1B1990FF25E85F1439921DCD6518D2AE35449D8A4A980D5B6646AA1CE1F2FAC1E03BA9EE3639C6154806B03CCB9FCB30A5D0AA3179D67414E462EAB27CB2E222E31AE019FDA9E450FB5EFC7C1D72B0BF995C46D694DBC51C90AF92BBC9BE43EB04C5398D039677D6F668ABC48435F148F00A5CB1F86D260897F259B9DD813194D78452AC3CED1233E2CA493BB245438C359F505970DBB4182A414821679BEE21362240D69BD313830D722233718EEC00E6108B995D94D5A9283AE10806EC42F729D3E173069CC93A944AF39C9C36FE9D8CF7DED5807F90B8EDF79FBC03A3B8C282EED7637CDA760C1B1C78AE528D28024A8545D951FCD5C3A1E5ED32AE88CA93126077C9194C8D41979D559F239BDF2BE4DE986FB1C330C1CE277FF3120CC2948DDE52309095505106C6540C044D2833BDC6CF648728E85F4163B4C43B839074558DD6F53D9564600CAA05DA1AD4092B635654B1AC27CF069D79289A6327385FEB2AA4BEE0B34F5A7B85EF4EB6A9372A409A9F21D577567C7364FD63608D2EBC190A029E13DAC9E33738CE7003713426CBEBA3C5BB3DA8615C3DF97DCBDDCD3CED22379C3C9D4AD986E60CF1B06675A353DB71705581E08AEC1F3CEAF9A9C63099478F0B0CF4BF0606BBF448BAB4E476F3CF7480F0F5B13025A3E2DE0B9BF8BD6D6214AB7CAF6F4C8AD7B9DFF080C5DBE2E7255C3C6FD5B5C5F6D43EEE2C507FC3A424573F8990E7289A3D1D268EC838B45DE780FC16FFF19B36DC05E1FAAD492F3BA359CE810F872149E00733A25D34F1C556AEF02DC0185C6E991365992BBC396853EEFEFAE2CAA8E4B1AAC5AA1B327E181F3490624EBEDA01C6BFAC952B78A0DCEC6DC0AD77F97C8EA18D828E9308CDC64718B9273369A83017B20CE221220434DD77E626DBE37639BA9E72CD63683189D4D89FB81CEE5B516E3459C9DAA958DB6C1AE7EF113C7CF3195A4B85199FBA1D1FC257A5BEE5FE5AEC1C29869A15CE19004835513812251517C684FE135154A59ADAAD705E7ECCC33CE74445725978070F7AA46757F9DE7CFC1C37399D7222ABDC988D5CC050ECC14392715FD80C30D88B3FF56C62042DC95C551F863D9389C3502A463106211FAD538C6AA165A3132388A5285B694855A47C5CA7881309D306F8027180A9298A6DC6A3E051EC27600EF9E3E93EDA21745714AC2A6E1BFB5FA3A7C73BB5CF4B24189177CBF9348A674E6E42854A6FA00C7D337D1DF8C97016A43E57612982010CB40BA3F49E75A419EC1790EAAA4608EE6C61BAA913BA851E31180BBA030A43C8C34193BDBC4B482F006D3E166B84757774A72A21A0A1D2E23BF536483963F0C86DFEFBD61D30878348E84B2606EA5C8891C62A754D508F319E9C5B987C468A91498AECBD8AA42074B9CAC95AB3C855D5D12EE19712636CAF297574CB05155494D30E629A514B35E7FB7CB487BE4474869D1D950E42FF4A223B0A7B1262CBD9A93CC3CB5AAD4ECE07BE162EEFB7D5B2224A04E50A49C02D0CBCCAC35F3999FC93CA4C552855BA9AECA5BCA5753C1365652669EB5799C548DA3315C4BD0C0CD83AD72629BF9F1019159053E4DAE8BBC4532C24826C0277E80BE12166E653A794A3D5608A58F576E17038B73B3CBA0A57BEC439B50936D69419544900A288BC605EF42DA4EBAA1E56735993956B10C5B0C3B32
2892
yeZjqHFMWjXi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2892
yeZjqHFMWjXi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASAPI32
EnableFileTracing
0
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASAPI32
EnableConsoleTracing
0
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASAPI32
FileTracingMask
4294901760
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASAPI32
ConsoleTracingMask
4294901760
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASAPI32
MaxFileSize
1048576
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASAPI32
FileDirectory
%windir%\tracing
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASMANCS
EnableFileTracing
0
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASMANCS
EnableConsoleTracing
0
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASMANCS
FileTracingMask
4294901760
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASMANCS
ConsoleTracingMask
4294901760
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASMANCS
MaxFileSize
1048576
2892
yeZjqHFMWjXi.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yeZjqHFMWjXi_RASMANCS
FileDirectory
%windir%\tracing
2892
yeZjqHFMWjXi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2892
yeZjqHFMWjXi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2892
yeZjqHFMWjXi.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
2
Suspicious files
277
Text files
227
Unknown types
12

Dropped files

PID
Process
Filename
Type
3008
WINWORD.EXE
C:\Users\Public\yeZjqHFMWjXi.exe
executable
MD5: acb2a86049680d7e4b95bf501b9b11cc
SHA256: 7ed9f02e68df5d325b8612944d9e1c5dee6df7ea68425e6cd8508fa7fd218664
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\rundll[1].exe
executable
MD5: acb2a86049680d7e4b95bf501b9b11cc
SHA256: 7ed9f02e68df5d325b8612944d9e1c5dee6df7ea68425e6cd8508fa7fd218664
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.lvdfp
binary
MD5: 10e653d49c9ae8000e12d795c87cb35d
SHA256: 351985161adc620f7f3970f3080742b87b3a9019bbe0ba06959ddd1fd39b3c71
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\a[email protected][1].txt
text
MD5: 6c7efeeff5355dbd073e45a1e9b6919e
SHA256: fddf6e3bbeeb660973ae8b5d7d24618458ada6b40d5a847b07e0d84c6f8b786e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 66b082a306a9588af644a4e18dd0824a
SHA256: 79530f8c9aac44675170ad394ce6ff688e94c3a6cbe7d9a141054bb1156043cd
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 433607aa5b8c4f3774e477f069155b62
SHA256: c4bdc7124fe8e3ae4fafa05b701f71ed9beaf7bf63f63aaf4188969b58972f1a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: fbacbb2749e0afda8f7befa8ff099128
SHA256: ca0452bb7a072fd889af3f06260bd5210f1f89f64b0f3ee3403f34ee91489b2c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 4b1b578f7e94bb00ecb829792854c478
SHA256: 2843b69f5c993be63d1900947a8e46f01b87a5e41dec64096cb354370fa69dcb
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: a5f3e90c39f3b5d1ebbe1e2b5bb8003e
SHA256: b7ce7df99400dbd027c7b6e3d329c549619d09aa991b06b0f4a9c56676138187
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: e26f85e1cbeb875842545b053446c1b4
SHA256: d0b8d74dbb13f37ee323b02d308b10db0c9788a5c5dfa238582fc4e300075ee7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 592a4ec2e8a2edbcbff70b49ba1f8a0f
SHA256: c1b5e9dcc5e23ca46c8d4569f16a438127eb23d0965333339197b6f56bfdb97f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: ab009592349b1294633faa9571f657af
SHA256: 6f36e88ef0f6f5bc0d536c3de4bd222c664cbae3d880e0a6497883b702551133
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 763b6feba2484478046824cbe53769a7
SHA256: f5c4ce9eb180a4786c6569c4a43defd542bd5912717d85d2cd52ba2ca104907f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 8a9e70f4e3ce4f0d9a6ec9b5a608c069
SHA256: a4c91afa1ea39b0901ffd314cc3a68d9520a9477c0990357b05faa8b5eabde06
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 43078d10911ef212e498e65dbb0ce510
SHA256: 3c885542b823e627c8bff2c68f595c6139d9a42a0072f9d0420e29de5ec3d26b
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 34c66778a7ace39a3b3d4ace6fcf71cb
SHA256: 8e4bdc966c37a171bad69051d64ff9dcc6a93a1e8d906cdc92be29ddda2dc499
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 9fd7717424f46760c9e072391b51f0d4
SHA256: 7eda191125f8c9f0d7b3a3577d6a670fdbd17fef1ddf65d4d41747061c85be21
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Local\Temp\Tar2F7C.tmp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 6468f2aa9553d3e3b175b3fc370d8652
SHA256: 3511803fb1f206d7323584615d7db5937ffacfd05fc4f97f7a131037df4c3442
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Local\Temp\Cab2F7B.tmp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: a902cf373e02f7dc34f456ed7449279c
SHA256: ea0c12aedea644678014991a96534145e85aa12cd8955396dfdc98a4fc96f0d5
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Local\Temp\Cab2E30.tmp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Local\Temp\Tar2E31.tmp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Local\Temp\Tar2DF1.tmp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Local\Temp\Cab2DF0.tmp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 23ee26e8250851fad80f53f99f25753a
SHA256: 31ecfe3e650f09bbb472783df086e175bc715b4025cd506c5d2d61f14ef2ef84
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 837732242eca86fcc2c35fed88527ce5
SHA256: 12e532fef32a4503588fa08a8b34126cd4a25353df95971f7dd6cedb87af4760
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: fc39caf60d4608ec05ad96c8c456de7d
SHA256: c5c4ad393a4ae13cf24797b893d595fbffd08b693834dcb9243edce88099e67a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Local\Temp\pidor.bmp
image
MD5: b5565139df292a11c11ab06ba594b941
SHA256: 3eb6b60de33a71ef57e865c98fdd1005b34a4b8cc537cdfea453c59729b736be
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Videos\Sample Videos\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Recorded TV\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Recorded TV\Sample Media\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.lvdfp
binary
MD5: 1a3574688082b1eb05564489aba8d6a8
SHA256: 71377f4a3df6cad375ae013329ba78e5d3e8b6bb23d2dca1f9cfcdc287522a51
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.lvdfp
binary
MD5: 3cf689cb93eabdaf0b6436db470bfb8e
SHA256: 396ce4d2fc9f7f80d9c67e97860685556e5f67d9615a17a9cfe9184448aa141a
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.lvdfp
binary
MD5: bdabe6dd8d20a9c0baa8cfc6d7b34a54
SHA256: 5ba657a930934349d0ede3b69b3a29549df82efa9239f2553c4a85f838f9baa4
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.lvdfp
binary
MD5: 0d390ea881dbc7725c3fd3d10b78f45a
SHA256: a28f9d312283fef00487cc4e5fb066190ddc7862ac32e54e567bf1b6fcdf2a9c
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.lvdfp
binary
MD5: bf2e0a59ddec6ac45132813477eb0f09
SHA256: 66709e1e87e2b4009b540b7bafd5cc01b79bebaa7dfd3bf012e4f64cd1dafd8b
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.lvdfp
binary
MD5: e5548146b3dbdf11c30eddf70c9ac997
SHA256: 0bd54b1c63bc80de9cd2b766ca6aeec3ae9c8e3aedee07b29efdda35d9275b8c
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.lvdfp
binary
MD5: 70f78db45a6ccccfdbcab6c0484493bb
SHA256: 2398efea64193c59447797c0cbee1bd36306e379a5729587196ea24dea38ac87
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.lvdfp
binary
MD5: ef2cc69d79b648214958beeb28e7a204
SHA256: b0245d6cf2378b1ebbea5953d7cc49117c0a53cc376e01e665d2e99e8af65117
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\Sample Pictures\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.lvdfp
binary
MD5: c09be03ca9b24436cedaafaf6e781794
SHA256: 6fec70a32a0c44780bb103669fba4d1e8fe71458115056eb9c2b6cf12e2c90cd
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\Sample Music\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.lvdfp
binary
MD5: fc3014952977bf98c53ee390f1b8df60
SHA256: 8013ee4f359dae04f5f93c9c810c55250c7d51db61e73d9c075422ec9fa5a19f
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Music\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Pictures\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Favorites\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Documents\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Videos\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Downloads\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\Public\Libraries\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.lvdfp
binary
MD5: ab579c9aa69d108d14b74cffd6af72ca
SHA256: 2f7cfc4b2b183a9d48a86baf3d1b326c644faa1a18d48744ea0839794ad78cdf
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.lvdfp
binary
MD5: a62d43589115a963ee24164b11f7ba49
SHA256: ebb70ed88d5ddaf88b548c0cdf9aa54d1c50f31444c037fa7ccf1506c3ee731e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\timesstatement.png.lvdfp
binary
MD5: c2a7a95fa5c982f2fab78e227a2a4ea8
SHA256: 72e692a0c858947e392e70fd6def02cbaadeba481c6c24aef7a01bfeafe0f227
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\stayuse.jpg.lvdfp
binary
MD5: 39b186422d9c9fbede1550a1abd94ed2
SHA256: fe9eb991665218eeeca5d67821b7334bc93eaa13c46af59785bb26d3c11bac91
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\throughoutsuccess.jpg.lvdfp
binary
MD5: d4ad5bbd64f24efacc0dabe6dd822228
SHA256: b5461b8adbade434c72f09fe72a32f28a6321eeaa62d27c383aea801574270fe
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Searches\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Saved Games\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\throughoutsuccess.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\stayuse.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\timesstatement.png
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\ntuser.ini.lvdfp
binary
MD5: 06cfbad6a51331fa071c59b0cf027157
SHA256: 9056ccb23ad18f3865df3a501b9a1301ce497ff2d7e9cc65d8822383d5180343
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\commercefather.png.lvdfp
binary
MD5: 86fbb2dcf1f4648f74d183780239f789
SHA256: bfb9604667b3be576042a31e22e4de86d98eb0b79b9e1f408632351c90d9ffb4
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\giftssave.png.lvdfp
binary
MD5: a1a4d74ed0ba56687c1c45b5486a28f3
SHA256: 0342e6017d8d7581146287d9df271537c06296792e6e0fe42cfb1187ad490177
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\deeptry.jpg.lvdfp
binary
MD5: 9dbe9be627d848268abe47122ffc926d
SHA256: dd494e6e9004818274252cb79900256593d76591ff6a3185ed11010abf6be689
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\giftssave.png
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\deeptry.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\commercefather.png
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.lvdfp
binary
MD5: 5274a6ad21a6c83bca165dc01b1b5146
SHA256: a5ac06622277151bb7ce37f8520af2442b1380c6be7095d9318d1c647b0bf6b9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Links\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.lvdfp
binary
MD5: 537ed73b327d4a553fffb294e9cef19c
SHA256: dcea47cbb69456476092d73f0a99164d95066ba537f35c3366e73959b8fe580d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.lvdfp
binary
MD5: 17f6b5dcd85461c90b9d58c7d8b64037
SHA256: 50e7c2e5a1c118d5b4bd27e6616a12711985ed66aebbb911481c99eefa8cf851
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.lvdfp
binary
MD5: 983d29ed5d5d3b32446fcbc8160a8b21
SHA256: 808fbc9778b937df8af17400fe3bb6cb1f707801c86034eca387b306b379fa3d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.lvdfp
binary
MD5: 182850d36c99f9c0991091feeae52b09
SHA256: a9e64be7520a2e075fe54d26886688b529a7d370c4d59059f7b58d80eedc3176
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.lvdfp
binary
MD5: 236ee221fba5eec448a5f58cc4e0006f
SHA256: a2a0256c8334ee2b1de069d9430a74d42f980b783bf85fffc4bb4c9cb80b4e0b
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.lvdfp
binary
MD5: 1472c4aa935951ee746d0eb2c5d57fb8
SHA256: c5ba52a2cd727c2ec50afcc0b2f107d540b5b30846ab420f6f831df05e519341
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.lvdfp
binary
MD5: 814e18078cfc24dfceaead5a179577e4
SHA256: fbeb63b82b3c64ae11dfb061c48a5ead2bc534a5d6c057203ef693a6bfb233b5
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.lvdfp
binary
MD5: a0a5484f2d36e65243083a56173fe58e
SHA256: 50f316a09a1e92d41f6e117de0d0dbc80035e2ceb8af1879cd31e5d6266f6e14
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.lvdfp
binary
MD5: afaaeb9f7e8cf788885b753adeba272b
SHA256: d1114a42824efddff72b626d55d78f9eb39a966dc978da2695aad5eb29831286
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.lvdfp
binary
MD5: 7b65bac6c0d1aaac5a6747b6cf54f329
SHA256: 84c2db6bc9faee6c6221a2d0713638329ccac3652eb88e4c322252fae9f4a7df
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.lvdfp
binary
MD5: fc578398499ec80ea15058371170d4e2
SHA256: f3c3d12c76fe57cac27fd993332fb056d79261a41baf91c593403a5411acda0d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.lvdfp
binary
MD5: bfcc73e1983b5a41a7a8ee033ef200a8
SHA256: 27a3eba9bec6a4171f13439c021701633a4ac9d2289a92c752e422ef0a62493f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.lvdfp
binary
MD5: 8c31f2cee35e2de2b845b3a42cf3915d
SHA256: e82b712a83ce1e986b237614fe2f8e8e7c08f86416c23625dc67443b151685ea
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.lvdfp
binary
MD5: f9fc67528b3f6de498e83a70e61fa702
SHA256: f75c65b21f5e7a0b8207e2ff542bae850feec94b9e0fee8aec7c5509f1c667d2
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.lvdfp
binary
MD5: 4ed8e5f650bb34fae2bf20c01e9fe1a0
SHA256: 28f5279a403a7d33e5f037421405e2458d18ea519fed9c55caa2bd76e774fb80
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.lvdfp
binary
MD5: 640cef877e812ca2a8ad47f67bfc545e
SHA256: 18c680659dcb66db6ef460e8b7ad85f610d3e5ddab4dd3b3e61d7274cdb45ad7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links for United States\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\nudeguidelines.jpg.lvdfp
ini
MD5: 405b495339b5caabe50dd656002da921
SHA256: bca4004fb50453f225bbaca54201e7d4b465569be9e9cd6e205585dc21e1f851
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.lvdfp
binary
MD5: 24923ba689ba069d93f6d0380b66ef97
SHA256: 3c9f0dca4a0691a678fd6dc035262b4ee054c362f7cd25402cbe624438ef9c43
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.lvdfp
binary
MD5: acaf0d321d921a8e930c0917b445fef5
SHA256: e95e2e90788ddab04f7aa276bd08346a38ddec1f4ae69d70bf261065c4903e70
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\nudeguidelines.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\franceweb.jpg.lvdfp
binary
MD5: 7585f9b7cb548bf51f64f34b3326a0e3
SHA256: 1a55b5579d14e9ddc177473a88cffc180ef81bccc2add83b124f0429a1056819
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\applicationscheck.png.lvdfp
binary
MD5: f8a6c48df5d869fcb1e498944be41e76
SHA256: 1ecd4963b815a23ff8116827ad4be6f60b2b8fcb931b127e29ef9710bbbbbbd3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\filmtry.png.lvdfp
binary
MD5: 26f2ec848b1f2efed2bbddbc4a76326f
SHA256: dba1b761ae6e2eb1aee6b30a24d7fc5dc5bb558911a3d95774f1f181ee4ab094
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\insteadbackground.jpg.lvdfp
binary
MD5: 47297ac8b62389bfd606ee1038da129d
SHA256: 30fa99a08124154b1f71c07329919a6442688a114c05c8700672c3752318d93a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\insteadbackground.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\franceweb.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\filmtry.png
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\applicationscheck.png
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Downloads\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp.lvdfp
binary
MD5: 270cb4bb9fe1d1e9bf8aa2d3a2c50758
SHA256: 42162d3922e0686f3b3ef87828a9abf3f91e367b2894fad047f925407c575033
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\pointhours.rtf.lvdfp
binary
MD5: ae707f64855565bb52e510e199e42c6f
SHA256: ea561977be8fa705c91b38a73a9e0ef758c2ebcd73705555b49be166d35e4f5c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\westplans.rtf.lvdfp
binary
MD5: 54708bf444f2eaa3a1f3131908952792
SHA256: c8ea2c35dc41cfd42ae5fa18965faab2ebca6be2a909b15590a726614f89c347
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.lvdfp
binary
MD5: e0b5526cc87b781c9447c273290a38a7
SHA256: 58501dbdedc70c24d8f36c1f02d5b813387a19b5ad6389035cd953f09b631e05
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\westplans.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\~Outlook.pst.tmp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\pointhours.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.lvdfp
binary
MD5: a665dd628b6bf7730dcf5e82a07a8765
SHA256: 8bbd12198ef071668e07debec37e91276034211cc83b9545089d72300927b7da
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.lvdfp
binary
MD5: bf492711b8be4485cf265c2758bafc52
SHA256: 069721a70fac0aec7373efa481dfb5fc8bde52c69ff26d5dceaa23043b4c0ae1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: 967d12195544c66b5c7c3b71e0939484
SHA256: 77c3d34b1bf922badb92b5d09dd45696469ff8f42dcdae2c54db83d9e8003ce0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.lvdfp
binary
MD5: 184354df56cee811021477cbc09b943c
SHA256: 1a340f9777ec7853e6486cc6e70ee836266402ae5734aa784d6d5ae3475cfc23
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.lvdfp
binary
MD5: 63cd290d8300f070605de6f55282a1cf
SHA256: 39104b98c09f422eaf0f7851bdcde80483e3cfec881429abd430084c0766cd01
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.lvdfp
binary
MD5: 95232c5df529b2b1aed52880f82d6c54
SHA256: 16158898de978ebfdaa8a4a46e6788e73f597d6ccbf27cacfc80e9d20acefdcc
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Videos\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Pictures\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\atrelated.rtf.lvdfp
binary
MD5: b2e876e35e258507e6c296d765b016ed
SHA256: 6597ccbd49f82ee7635cffc05c13e192c7383f7d4e43cf3be1bdac713e2a483b
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\ukchild.rtf.lvdfp
binary
MD5: 6c5a4cc9b45f8bf33f5057335fe0df91
SHA256: d989e279f1880396305542d6f1a3942f27ce1740b6037fe1e39e66e89ac2ac24
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\messageleast.png.lvdfp
binary
MD5: e395ed6df9c9ae64a85e57172c7bc099
SHA256: 714f4780ac8621fd4c572b40919633122f4b854b9a464cef9b9b97e495c1004f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Music\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\nfully.rtf.lvdfp
binary
MD5: ca8325079f2dce5b1f163e7ebb9b919c
SHA256: 6ea5d5ef7697f1422d2cdfeb9c3293c81d70bd8a1d98282f153363fa0f4e4c8f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\sentmortgage.rtf.lvdfp
binary
MD5: 22a5724f79b973ddb97f98672158ea27
SHA256: e06bc7de7a769e04f102cf4634c7bdd1edb523a64fcd69932e5fb69916bec359
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\ukchild.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\nfully.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\sentmortgage.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Documents\atrelated.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\fairjuly.rtf.lvdfp
binary
MD5: 004fe1bc52e840ce17f0b643c35bf244
SHA256: b55001739178286341a50de867d019927345d1087d29fb477c7c20234b31beac
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\itest.rtf.lvdfp
binary
MD5: fd5e3a482d0a0d828b96a04c9a81f31f
SHA256: 5d7dcf7ca19bfd7b6742758e41d7f52143324abaa05d312775c2e43d101031e3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\itest.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\fairjuly.rtf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\messageleast.png
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\basicdeveloped.png.lvdfp
binary
MD5: 505c91038c52c816440df6db86c9baa5
SHA256: 1e9a6de45717aa277d03614f20acd4e156af552605650daea9fecf336636bdde
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\earthrequires.jpg.lvdfp
binary
MD5: f174a8b3054716e9888393472226dba4
SHA256: 6a51af6ad251ec0dc7c3c24fc9a2a1466af1862417e40ffa71c173940274f7b7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\basicdeveloped.png
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\earthrequires.jpg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Desktop\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Contacts\admin.contact.lvdfp
binary
MD5: 6e9838d40bb4ccc3c99bf706690e2086
SHA256: 916101ebc112530a578fb4de0b82277d0c5732978d535f1d0a0664f3be4a238f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.lvdfp
binary
MD5: 4a83d36c82249cfdd5cad2c38c63b932
SHA256: d2939f65568e6a548262676bd7382ab48a76ddb37174affe6a1db5c6fbeae3a5
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.lvdfp
binary
MD5: 19c2e460316e05d1ec9b6c0b1ea79069
SHA256: 02b4e2f0d1e4dc51859bf6fc18cd9eeb13559d5877e0360df2c507def39584a6
2892
yeZjqHFMWjXi.exe
C:\Users\admin\Contacts\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Sun\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\WinRAR\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Sun\Java\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.lvdfp
binary
MD5: 1f7be90d71804d3c9e5f75081684763f
SHA256: ee34d293176ce71480fc7fd5e1d5be41739aa2722d9debbd5fd33e98a516eb12
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.lvdfp
binary
MD5: 2071cb76f9936726e125ec9cd88e8020
SHA256: 6dbd3f79eadaaa6cab14759832b1b8c60136ec99b0090b8ba0c24845eea69ea3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.lvdfp
binary
MD5: 70a9bf934dc1bfc53c42ca1e56e0ada9
SHA256: 4c6d1f1af64447008f0da8f09de1e85cfed82362a9c54eea466659cf45c0b222
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.lvdfp
binary
MD5: a3671aa5215db7b6e94e825fb7a550f6
SHA256: cb1aa1e759788671ecde0072940164e92705e28519e1dde8d497a6c86fdd4dd9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.lvdfp
binary
MD5: ef6c75da7267eb8c19d37d718888c1f0
SHA256: 3eb4a020b1450801fb409cb5cfd186bac6ccb61ce7212c6adee78c3c933e2cb2
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.lvdfp
binary
MD5: fc161ad58207217b9f1942b67f329c66
SHA256: 79074aaea48099f45bcfdd32a396579af87d0ce4ee62b9d80fec9c63809f4ad6
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\logs\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.lvdfp
binary
MD5: cb044777e9c3e8f489424bbbea458efe
SHA256: 1447874e4160b35d3c58b9e7175f0f9f0970d84c4f7c9f08a9268ff197827fde
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.lvdfp
binary
MD5: 7327e06fd3d11d77000965b19c1a58d8
SHA256: 3a9c841702eb9c72ed0d522a41951228c718d8a82b171e52c266e54cde873d57
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.lvdfp
binary
MD5: 1e00bd7fbac6646567aa5c8ba3de1315
SHA256: e7d9d181b7fb45db2e0a8610132edb81732165f72e549c3b9b983605c6365b12
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat.lvdfp
binary
MD5: e9f86167c182e178293f92e047a78c33
SHA256: 75567e1605ab3576e9b972e2a90369ee81a4beb0dceb7d85d4f36c914fb95988
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml.lvdfp
binary
MD5: cf3bfca1a44783993325d7173a678955
SHA256: bb0d1cb78f2585fe37b5185d43e5f1ab6f6ea995aed0568045d6600cef6ee55a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.lvdfp
binary
MD5: a86dde908e9193dcb2bf7f29e84eb96f
SHA256: 8160d555bf90b55baaa8867fa068454e2963bd3790507630457e99042abe2b45
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.lvdfp
binary
MD5: 1d3335c8350be991a31e574a1b994071
SHA256: a270bcaa4c673748720a39d9f4f207f2242d4647f7f4b73bc76f5e51903dca26
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.lvdfp
binary
MD5: 6989a043580742842ed0053abedac9ca
SHA256: ae8d00bd8c6ad50e10d9cd72754d902a0904744bb90255a74419d810f4def23d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.lvdfp
binary
MD5: 10ea5a2f7a66037e3fc699b3581c4293
SHA256: c3d3088157aff20120905827035c7866fa941b65962fb4b86d9c23cbfa081ec0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.lvdfp
binary
MD5: f18ec8a69e204c2046131831debac7a7
SHA256: a6ac828df67f4713d1bc3a358779711e71264b61b6fdeda25843d983279f4306
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.lvdfp
binary
MD5: 1a3590bf8284961d63b031a9f2070fb6
SHA256: 9705c324b38f4b4b1853ae07606ed0b89efe532076250d61d87f98abde90ffef
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.lvdfp
binary
MD5: 8e0fbe6c03c6bde84cceab1c000fe226
SHA256: 3ae300e569bf4bc72f6635462115b3802fc2c0ca003adc9c95eec7b0d0d01a59
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.lvdfp
binary
MD5: 28d2d9c732b43ec127077bcf1143fddf
SHA256: 9a8a127a4e8ea0cbed9dd3514a232d258a7219b250c7963a19b39b30167e8ab6
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.lvdfp
binary
MD5: 336751f97d8b404d34de0cf47f4b675c
SHA256: c0b9584c5f0f9ab8f961b73bfe175f56f3a562b659e27b5759e70e39191e4507
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.lvdfp
binary
MD5: fea7f87654652c19ca33cabca94ba431
SHA256: 72d6dcee4cb606a3774874d645c7a3e2a6374a282805cef8128344a3c995e4fe
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.lvdfp
binary
MD5: 46d9abe1936bda97e6e609a500ae09cb
SHA256: 53c974a5a3fabbff0c6b8c9aa2a6e6a639a63df6e96cea8fe032e97c2ed177ff
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.lvdfp
binary
MD5: edca188a9b430e55347ea31256fcb2b1
SHA256: ffe80288277a960679677c9e10d8fdde2d597c59d417ddf78cc20359cd15a303
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.lvdfp
mp3
MD5: 436d1c0a2cccfb0ed5a3e796c11c6cf1
SHA256: 84c7412f519be41276de06cc8069c087b537c1d291b6c0f67552b6fb19c6f8ae
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.lvdfp
binary
MD5: 6a2ebd0d1b67566faa05b7450fa33e74
SHA256: fbc7f510a9a15904ce3d2cbb39967fc64ff35250a099f69e6255510aae4dbbd3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.lvdfp
binary
MD5: a1cd05ae2aec2d466d89d4ed598e4a15
SHA256: f6682e481812ad45ecdea28b44fa096f045c0b8168288f1e041d9c336a8d8840
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.lvdfp
binary
MD5: 0fda6baa4c6937e0d060e5bc42e05ff4
SHA256: ee6079141d76722fa6b175941f0c25c05132f7fff7e6203c42e5e0b6d0840d8d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.lvdfp
binary
MD5: b76dc48795f1173be5ac88c83ab65ba3
SHA256: afd05ef46edee3d66c150c61c222431c353d2cf97ebc56b4fd602e595433d9a6
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.lvdfp
binary
MD5: 949759e5b50e889dd6a3ffd3068c7e1c
SHA256: 30a0db22ed651eb351c5646822ed92febf9dbdfbe6657c6417b409951ee4e134
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.lvdfp
binary
MD5: 111b40de6a7aee92ff2102d15b462255
SHA256: 0147b0133ea38150d535d4d2b695197fcdeaa04877e53a2900f9683eb28f15d7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.lvdfp
binary
MD5: f7bfa45ff920e3219504a3758a61b8a6
SHA256: 37824ef31adc9fb812c9e5ab22b18c745ce3078fdd97dd0b4ffa0cdb8e6ce8d0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.lvdfp
binary
MD5: b852fdf258c6066afbdc69a753606b47
SHA256: 273a93cba01c34623b364574c8608cfc6a0671d15e1ea3a4ed8f5b7914016ba7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.lvdfp
binary
MD5: eee8fed7ecf3892686945c03e2d595dc
SHA256: f409430eb6ee6606c49c4f69629e81eeb4974268ad0e149979b900b07cf7a05a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.lvdfp
binary
MD5: c48b29ee2a4aa200805b0ca8f68eb523
SHA256: a646e1fcc3c03fc93cafe13193f9f90952abe8f7fc9479c77941e27b1339838a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.lvdfp
binary
MD5: e5f43be0c53c7d11ea3e9e8977e1ff81
SHA256: bce16ee79f0159c8eb3cf00e7cb77400a282798bc6f8c52071a9d89c2ccaa85e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.lvdfp
binary
MD5: 830acd7772cf750bb8ed8907b26bfe5c
SHA256: bf6b4c505c8dbf640cf4e44dd6c7767f45331cfb84902f043722f58971d1d5c9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.lvdfp
binary
MD5: 5028f2dcf9a990856be55a56bd90ad4c
SHA256: ce80db6d0c9d47fe97cd6dae07994f409c852b4a006484a3a26abfe7ff5f5aa0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.lvdfp
binary
MD5: 980b49bb5dd056f3b95148a8dcebd4d2
SHA256: 3ca4400bf9c7696d4cbcf89281f58a2f887ba9d8dfaa494dca75b9ee1939136b
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.lvdfp
binary
MD5: 51a02f33a607d8dc25f21a6504b72811
SHA256: 70ebcb5c0274f7fc364d1872e86673807716d11265a9a59f46fd213094b4a72a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.lvdfp
binary
MD5: 4fd17a3196bf7dcdc349d5b65ffbd707
SHA256: 3f9e2a0a45db3f625e8fb4638961099435f735e20885075c27c2c93d953c7068
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.lvdfp
binary
MD5: 45eadfc30be246a28ac4915b44043fb3
SHA256: eddd0756a6183cc1e62e5ccd5f81e81de7d0fda0dc6b8b58830dc672b3babe66
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.lvdfp
binary
MD5: ce03b7a7927ce1f89bda63a025c86e42
SHA256: 90bad5bb44c589fe890f9424a8d566a950b8c58bf680d35cff2bc9212aaf2d70
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat.lvdfp
binary
MD5: ad4f32fcb8a272b42c5ad91e3cba1cc0
SHA256: 0d63fce09af1786b6c734cabc31254373ec24a49a83870e4f153778f04f4324b
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat.lvdfp
binary
MD5: 719b788db0d0c40e4b2fc60ca7e0de05
SHA256: 0f1ba0874298aac1256c849043fca4e7f6ea1a889e9d2feef31ddc8b3a554bec
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.lvdfp
binary
MD5: df438cdb3debc00d6a9dacd6eb3cd709
SHA256: 6c13f6cc7da8cd98569edeb21eaf1aef719f7eebac922f3cfe171a7a7a9e792a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.lvdfp
binary
MD5: 79632fb2a640a6ab96c0f8d54a808460
SHA256: 677be80b6d07b38bdeee7973f5e88db2fb8761ead2d0822c700e4858481e179e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Opera\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.lvdfp
binary
MD5: 91ca5435539d368939de17c5bf224e7e
SHA256: 1c68c5083c68d68b21ce3c1423c2adea4ab37e7985670d7c38596dc6df893c12
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.lvdfp
binary
MD5: 76429fcb50ed6afa0416e97bad4119f2
SHA256: 66616ac5765367db2fb9e53efc254cce4201e03e199d562249a3d71c36785c61
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.lvdfp
binary
MD5: 01ff3557dbcdcb2bd30a57fba6b7811f
SHA256: d55e4a2b79507a4246d0900fa20b679caae6a5a3d9150bc2ca515f2acc8af771
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.lvdfp
binary
MD5: 254ddc70b7b16af73c0bba19b6a9cba9
SHA256: d1b31abfcc04451ea34e7a740660109322ded532fad0a933450cd705366fdef1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.lvdfp
binary
MD5: e91e3dda74a0cf603077298fb741f17a
SHA256: 6fa14c3ab5e298b9157632750ed061251f29889a91d96fb663f2b5c3024493e9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.lvdfp
binary
MD5: 9e8eb2328578b274810d1634af1a0721
SHA256: 8ab0ba83e250907e7c3b3251c15684b55146bf5845615367bf61be47812f8ae0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.lvdfp
binary
MD5: 1df139bff5c76fa6302069fafc4df4cd
SHA256: b59d7e208a51881c72c3ce6054ebdce5a305ce301ee6ed4799ab486bf17ecd22
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.lvdfp
binary
MD5: 951f8fecd77b70d07d8fc6506e014a7a
SHA256: 2cfbca9a18c94078996e49aba28a0b9d51a49121f2fa59d8e4885a85e59270d8
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.lvdfp
binary
MD5: 6081d221cb4ce418f596842b841d58c8
SHA256: 341d5ac699a61fe4de0a4f1fc40af8e1c4d0bcd14706b9e08fe566157dff65b8
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.lvdfp
binary
MD5: ccb8532964e9d0bceda0395b057a08d5
SHA256: 972a0d977de9b1c6afba7afdf3e1aec58b1fb4430ca7b33c856f75a427df5160
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.lvdfp
binary
MD5: cec3fee7b4397a990e423ee5e57b65e8
SHA256: 63c99f680498a5e236c604f08a8ce2a31f59b5be2faac190d20ef303d248107c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.lvdfp
dur
MD5: faaf3bc47acae3d8f875ebc5256fed6d
SHA256: 10df0372f099c5b0a8477d9dbb19b67a64c0b5785c60f06da3a7ad3aadc21004
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.lvdfp
binary
MD5: 862e1a8dd93713e9daa233752edd0436
SHA256: 0272c90b5a86758e9ca08375267fffa5c20778cdc935af025ee540b63a0e35fc
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.lvdfp
binary
MD5: c40bb2cbc2365bc0a63e340636f36588
SHA256: 72c2d2da294df049f20ac8748de22b7e3f5e7a217f8eaf1d48e233b543d32a17
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.lvdfp
binary
MD5: b0da94120857d20c8e11b12d017fb11b
SHA256: 65f3940a2bb93e942d62f8300322bb4d8eb3d41e0f67c419db808bbdf7258762
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.lvdfp
binary
MD5: 4ad4bd21003edf6dcbe3ea90cd483e99
SHA256: 06764f8b03d50bce3f7b13aafddb127acee0c891a42719e04b7a7d7a6153b94e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.lvdfp
binary
MD5: 47e593e517a2708e2fa45bc567ce67c0
SHA256: 96ad1f0ebd39647876d8f6b04ff230e275a12bfa7fd87181fd583f773acf493d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.lvdfp
vc
MD5: 88911ce543fa277400f650a740a150ca
SHA256: 47672d7ada59581b98d623f620dbfa142887486d66833c9de5790879829ca5ba
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.lvdfp
binary
MD5: 16829091d5e106242d8b3b7f7cf7610f
SHA256: 86fd2e6d07d78d22117012ca41b8198b5b79b7dae03ad5a53bb22cff6a1fa450
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.lvdfp
binary
MD5: c5af949d33b7bd2039b35a983f084ea0
SHA256: 5a356114e46f91ecbae1c1a84361465e7dd7fd042257a5bdd25fd6485c6862fd
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.lvdfp
fli
MD5: 3695648f005f2d48ce123f8877dd3903
SHA256: f0156fb9d5e21e100c137a5af73f167cdca9287d96da22fef31c695831a06564
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.lvdfp
binary
MD5: be6a016c5e40f89598b9ea98134e5bfc
SHA256: 2dfe54766de337d4979907bb86cee74b9c117a906eabfbf139f69af56bb25c5c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Notepad++\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.lvdfp
binary
MD5: 15056176b7ecfbb5e12e984954424bb5
SHA256: 7e46688312c28358706dfa30fbe5674f71f482cb75998de1886c714432e6b686
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.lvdfp
ini
MD5: d9d16a37afa23fe22a993544cdb242dc
SHA256: ea20c04a962948af6ff883c7574b83dd16ea3839ff4c35cefdb4d922f0c1176b
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.lvdfp
binary
MD5: 899c74a6554ed99f02e551e224a3559c
SHA256: c5f4a86348559187befe0491e85e1290d9f580e4deb86f7403f4de755a42585d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.lvdfp
binary
MD5: 45f1be1bb60e0f1c36e628300c58f84c
SHA256: 4b8c7285ee02f78301dfbf64e150aafb3ca6816dc535f30c83a8351cd37d610a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.lvdfp
binary
MD5: 616b075ec459eef68d50131900e4c212
SHA256: 5c3c29c4e652ec2312e5f8221faa3dae9dc2f07cf47b035cf8a1f7ba2e43fce3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.lvdfp
binary
MD5: 8a16763a71dcfaa009ddddeeccc12ed1
SHA256: e5e7554881b5f068d83a6c83d499ce61aad46de6ba0de16b1c4d35348fb59b20
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.lvdfp
binary
MD5: 02888bf1501fc680228cd5f6b840e404
SHA256: 589e4f8f38f3f335d84143bd3069e17f9e273ba3d01890a783652a55268103c8
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.lvdfp
binary
MD5: b808d54ef3a5065217470c93e4a25d83
SHA256: 212cdcb854c165e2a742377745f16393936ffe40ac1d4678ffdbd46f9ca17566
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.lvdfp
binary
MD5: f27b476b0e7aee94aeff884ab2086347
SHA256: 630d314d19bf73513937836ea535bc3ac0d5c1066602f6858ccfdaf81f56c8a7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.lvdfp
binary
MD5: f4ba0bce87b45bac51e7c356ee83fef4
SHA256: b8a0df9de00170ba6b63c1f13e7a2490f4192a3c36a2288aeb4bf41ecc78acd4
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.lvdfp
binary
MD5: 0bd690d58e92f3bde9902f1a5bd48da5
SHA256: ad08cd3bbb1c387b2b0512e60155344bd5755b67dabd71fbc99aa0cfae929a13
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.lvdfp
binary
MD5: a5a45a1553278d09c604a012512d5727
SHA256: ba627ddd25573bdec9513bba184f86cccd97c341e81cc9954bcee01a0f7a5fae
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.lvdfp
binary
MD5: de9815bdcda7939f8dd53a1b924aa4b6
SHA256: 07f18e0df9cc1aeb6aa14e4c33f780899810700f67e148b6c6a6aafa291288f2
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.lvdfp
binary
MD5: b11f7904bcc58360e254cc0b39e32f77
SHA256: 6dc3955087307dc1248ebb135d99616d4792405fa9fcb0d7e4dabcafd3c9aebb
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.lvdfp
binary
MD5: 86a5a2dfeb89c8a3bde4f5eb6c0d9a4f
SHA256: 70251aa003c1b2beff87145b66e0b09b00cc66823d526e5acda1279d7aa90491
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.lvdfp
binary
MD5: 748abcfc2da865ccbebe1b5c0a087708
SHA256: 64d512535be966debfea982b62c402f7ce319bf7e762c80abd7556a0aab7eb45
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.lvdfp
binary
MD5: c8318223d4d9a1ba9692bb8bc0ab2fd3
SHA256: 27e17a93b73f722a67bdb0524949a8b265e750f3b852adef84334dba9fb60dfb
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\CVREA06.tmp.cvr
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.lvdfp
binary
MD5: dfa1b75993b8c1e801fc9ea985566331
SHA256: 665824255c84b507b43054e6272dd498a55781e0e0435b383e820bb802a50ee4
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.lvdfp
binary
MD5: f823c77eddfc40e0cef44b28e7984b2f
SHA256: 9229fc6cfeea3ed79a7a2eab6481ff85d156b76a89f905780250e666b115147c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.lvdfp
binary
MD5: a256d1f851d57cd5c2721a52daf6babc
SHA256: 74a533c93baefd64c5586e9ec423cbaf12eec57d1e5c96bcc42df4b70935afe9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.lvdfp
binary
MD5: a043883b01ed891239d008ed528dae43
SHA256: 6e7fe9704ab27bd85543daaddf5a0f5cd3d360488298a58a3907a5b9d8838ab5
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.lvdfp
binary
MD5: c490302d835666e76ff91ff02152ad4d
SHA256: 669ba7b70f6fd99ff763fc70224f88edc843cddda9c1bac5a054836c56c6b918
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.lvdfp
binary
MD5: 1d56dc78005ede40a9ff1abc71a2bd86
SHA256: ee83c8520b3d45a3b06be038183a6225ae101617047af03a8577768636bf3c09
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.lvdfp
binary
MD5: ec5c3c249e840314e29dbd7c23def160
SHA256: faf66d4a0610d65b4b48520ca3f0f012fca563f3b4630eaa35b7d29d5a1136bf
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.lvdfp
binary
MD5: a0190eda1e543f7bf7c08d1f3621a120
SHA256: efffe39674ae51f3e8f08f08c1d40d062abf7e2ecb839fce520fe06abb5b8c08
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.lvdfp
binary
MD5: 83e5c11e6a8834b290289d90213fb77f
SHA256: 55af39186cceb4afbc9d66403361b16de184a8cda4d0c526139c67d028f46b84
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.lvdfp
binary
MD5: 0c1a9b80f0e1f05f8e214b0a1ec46f42
SHA256: 676a502d0c4e00d161a2d1b35d0ef198357b9b82533408c2c6fbead9e7bfd624
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.lvdfp
binary
MD5: 2a3f4df7d9689e9c48c315dae40f0cac
SHA256: 7c561772669abd51761e3946ac405cae2579eefb17f230c7326d3edbc6a0d0ee
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.lvdfp
binary
MD5: 2206cbabf9b3d6c424ec157bb03b2330
SHA256: 0dfb4cab4e8186e38135676c7956dc0154388447a8d519f8bfbb03c1a6dc7258
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.lvdfp
binary
MD5: 6126dfff716e530ff99794bc970dd674
SHA256: df97fa013f584936d9099128f3d4bda374653804ea424acdd7502d324bced7b6
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.lvdfp
binary
MD5: d0f47bf2d659799d0af17b2b3f3a5e5f
SHA256: b757d692532ef95b6bf793de81374cb13453fcce3288e431b7e7b8833d574450
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.lvdfp
binary
MD5: 865a981029a2a783788511b33f647cdf
SHA256: a75cb6b4cc50088e8d32134da0aae95622ffeef4853ad286644e1645ed0e324b
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.lvdfp
binary
MD5: 45a6736fb8270c65ecd168ea0cc751ea
SHA256: 152ac91c6f915ee43548879b509f1a16218411fd5600404a108622923521502c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.lvdfp
binary
MD5: f82f5a7817ef4d2e4394b68af0db5beb
SHA256: 7815c95aec223936ec0b845f3af1911cf369d6deb3077e1284d03df09a1698de
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.lvdfp
binary
MD5: 480c811dab746b6b7e39ee0217edf986
SHA256: a5836cebb6a855a77e203bea4058c7f9b37fb5f7ed52b3cf0efa66ff68d415d0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.lvdfp
binary
MD5: 0eed4a6d506c9481a723f4313438f0bc
SHA256: 0bc78bbb646e14e7a2ffe92ace02dea1830436b682743808d29f0433292380b1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.lvdfp
binary
MD5: 0bd88b2194dd8792118dcc374f42d315
SHA256: 9456617a7fc3e206e9a90bf6cb84f264ec202b69e983350f87065aad9d8e217c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.lvdfp
binary
MD5: d5bb2704105432f7a40f517de4956a09
SHA256: 0b188dad2e061275067ba95abd5d51377657ccd2e80406b26a276b1186cd9bf5
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.lvdfp
binary
MD5: 0c32ee423596e4a9b8007a6635158bd7
SHA256: 42b7d6ad42be0a72d04aac0203c4856722abcca67fbab15a641508578f8a772c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.lvdfp
binary
MD5: 97f2a6487dc54932cf876144ef087870
SHA256: fae3bee198e5b984d8c727814baf91c4e580e5d83ef9558f6799f80301e4ae34
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.lvdfp
binary
MD5: 84721feee8a4cd20c917a4bded91a400
SHA256: 819906aeb47c94ee6320c2849c488a6e2a91a1ae55906dc663af6e96b03ea323
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.lvdfp
binary
MD5: 4386dd7f5308350e0587e99483a06bb3
SHA256: 13f673dc46ffb0d688400c8b1bd49c0ec19292669cf73b487edd770108227c4d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.lvdfp
binary
MD5: ab8a92e6440a3100261e025c1bcbc45f
SHA256: 2f2a2ba08b67a8927f19baae95113d40964727d1a0804a660df8d2ceab320994
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.lvdfp
binary
MD5: 132e7340d46a98355d5790b63c1a7106
SHA256: 6805b668539f7f14aa70af9634f3c4fae5f535a4968f30c4bb414e770cea1b28
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536511076670.6fb1a61f-96c8-4004-a260-a8d32e45a07f.main.jsonlz4.lvdfp
binary
MD5: 17e8d8a6aaac1b907104014e0e06e32d
SHA256: 386d5151ac3a849b846733fa9229525ba114fc35d952bf9a2340c66798552f36
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510890757.0bd2c0b0-6051-4678-a27c-37f3c0a0c3bf.main.jsonlz4.lvdfp
binary
MD5: 416c1be4273d995e3a70f0164080a99d
SHA256: aed27a16848953e891053d4c8d9f899f5ad5909c7684dec8abffcb18b5624f8c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.lvdfp
binary
MD5: 7585e7330ac8a0b2934ffe228065a5b9
SHA256: 525273c7681011094c31f60afe8259fffa28c0d734a6e4334f31631799387a00
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510890757.0bd2c0b0-6051-4678-a27c-37f3c0a0c3bf.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536511076670.6fb1a61f-96c8-4004-a260-a8d32e45a07f.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535455254239.6a6d1f6c-b378-42bd-83d4-6375a8d83c94.main.jsonlz4.lvdfp
binary
MD5: 45b05211d54c8ab2e4c8ca89f3f8f9c1
SHA256: 43927aaec4c57654ebdaac8a306894d612fc1409a37924ea4488e80ef13a6f7e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589776.07f73e80-2b12-40ae-97b0-fa87f3167670.main.jsonlz4.lvdfp
binary
MD5: 53aedaff21d145e8c12cfc65a4a8dbb6
SHA256: bd0e25eafd448c2379bc080d0f8347bfe9f7cbc2586f5718ecb028541b437301
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589777.8901d324-d310-406e-8d96-2ba1529e4bea.first-shutdown.jsonlz4.lvdfp
binary
MD5: 518fa136fef0cacb8e21beca1a133bde
SHA256: 29180f334f6e4349e91b1fcd5dd547050c1ea7d973c565ee9f698404e971ada3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510464398.048632c6-c96b-486d-b119-7e1a7a9c9e9a.main.jsonlz4.lvdfp
binary
MD5: 62a7e1efcc57621377228dc128322c63
SHA256: a719011241ae610e0632dc2ba473e30ab4a3f49ad7011b9e34cc404ddb790fdf
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589776.07f73e80-2b12-40ae-97b0-fa87f3167670.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510464398.048632c6-c96b-486d-b119-7e1a7a9c9e9a.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535455254239.6a6d1f6c-b378-42bd-83d4-6375a8d83c94.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589777.8901d324-d310-406e-8d96-2ba1529e4bea.first-shutdown.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.lvdfp
binary
MD5: 3899add0a9ec1cb899aa98dff3de74ce
SHA256: 1b4e70a9b53d11e26352d64ee05a0768f3699ed4fc7daba003847ab1e29b1a88
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454581431.ff499cec-8d4b-47de-a059-a9aea3d69a66.main.jsonlz4.lvdfp
flc
MD5: 76f8d4134f1b584a43a54da9917fc0e8
SHA256: d33262af179b8e470fddf3fc85cf0ceed9eedb705c9d4bfc444373b211b69b07
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589752.05c13197-8f39-40a1-b976-59f6f9c1cc5f.new-profile.jsonlz4.lvdfp
ini
MD5: ce885e87a73d3fc89b11f45f7ce789fa
SHA256: e2ad59dfb192503cae2a7f95093b10c9a0ebdddcf06f675852f6a2c63be9c30f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589752.05c13197-8f39-40a1-b976-59f6f9c1cc5f.new-profile.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454581431.ff499cec-8d4b-47de-a059-a9aea3d69a66.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.lvdfp
binary
MD5: 56a9276d5e9443d3ae75e24941404b10
SHA256: 316dbd3b35d74e98663eeb5c11bc83852bf83eef7cbb617adcf4c05d977a7765
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.lvdfp
binary
MD5: 6be0877dc77161fe27453a14dd32f6c2
SHA256: 12448d96a5e641fb48368365ee7569efa9c43870dfe9ca967061630c710aa7b8
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.lvdfp
binary
MD5: 5bca56422ef7c9be648c7d334f27d5f5
SHA256: 6593a5ecf795da72f3bdf3bdbcc42df5688a50e5f4474597ada27ec02afee165
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.lvdfp
binary
MD5: 592c2bb3daa1108440097ebed548d990
SHA256: 8dec7e796b348163ddae2de59b41d6473c3b882d0bdc2e26afc6e8e79bb3ec3d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.lvdfp
binary
MD5: ce8822a445326494bf1d680cd83821c1
SHA256: b1e31d6ab9732f471d214f81b6ebce0615695e1eb3e878a7e37a6fba3429184d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\addons.json.lvdfp
binary
MD5: 2e3874ad72242cfa4321d2b304a625e7
SHA256: b1399686963f535a4afd59508497719662559dfd295007ca5c2d4f7271d2f940
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.lvdfp
pgc
MD5: 50d87ec0f8576d25315731257f13efb1
SHA256: b8cda5e941fe279d5d9330081b75b10be12e8526acfb9aea3d02315888f494ea
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\plugins.json.lvdfp
binary
MD5: 675f0c6562f567bd4d6bbbe592016583
SHA256: 1a2f46f00aaa5432340c08f257e9bd441909ae1f217576ca60abd5cb0608eba0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\plugins.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\addons.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.lvdfp
binary
MD5: e2d32ec35e301976457bfe97b5823dd4
SHA256: e75a4d21781c5febfe9f5add18c6f65276a26865c10d948262f9ec5a803d0910
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.lvdfp
binary
MD5: bd7aceeca966a8c74085a5663055cde0
SHA256: 40b8790930c06bbb9e01ce48a6204620542bb6996ee719cb519b4ff9e038d4d3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.lvdfp
binary
MD5: e15809d3d733fd756654b5cc4b410c3d
SHA256: bddb03abae5f207592f04a6747f539ca37421b29acc077ac92e7ba28938f670e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.lvdfp
binary
MD5: 7818dd829181b1036d13b64aab97f95f
SHA256: 6f760214301e15a7109c993cffdb8181d9295f562c592281fee408ac2335d087
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.lvdfp
binary
MD5: 8ccdf2f0b876a0bd585c463f984c8799
SHA256: 9cea784b90894e14ac24dacec101a2f417931e1e9fc3bbbe73da904c686d1a2c
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm.lvdfp
binary
MD5: 4155b7d240bf8a0c668f309c85a2c031
SHA256: 840652851a26a7d9a9882ed0b9d77113405093246b1311fe2aed3ee3cc8f9103
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.lvdfp
binary
MD5: 0bf9345efdc526f88cedcdb89f9e943d
SHA256: 9f71d1556003f73a6fa82c0f5d2d483af46276c0c2406d6d02b03c6b6b8f741d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.lvdfp
binary
MD5: 57c5b159ec9da3d1b9978e0a9daf251c
SHA256: 83fc8e3d86896471d7ff9f37e0e0106ad4d97d6054d64bc1a9ad5c1a3e446c71
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4.lvdfp
binary
MD5: a675298ecf992f33c4f1d092b28230e0
SHA256: 104707e271791b9087819134682d1d930dfadf41efaa4840a6e297dd05d683b4
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\ECCD4BA46722CB4F92060701865DDF09D8AF68B4
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70.lvdfp
binary
MD5: 9f49ace2638826e3672c867ac557b40b
SHA256: d4a28a2105d437eb3e0dc7ad09d891a35f5b554b61c2ad1f5936934f6e42ba62
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.lvdfp
binary
MD5: 17e738375535a4ffece5acd61173eb81
SHA256: 731abe006e69079749465124e5a58df7672189a95eab3565b33b32492892a2a1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.lvdfp
binary
MD5: 40d65c31a5e59f7fbe332029ff77742a
SHA256: 09570a644902b21f51fc7ecb9559f59621265d8a22c12b7f6891409a98b53192
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.lvdfp
binary
MD5: 5054a4bdc31d85c9d234c3f920ccb437
SHA256: 36120f670298b5b11c309f444388108b060af7c8e7ef5970c6abe06ac76d2a89
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.lvdfp
binary
MD5: fe4193a52eff5472c64376f56d0a6773
SHA256: 69567491833bf8566087fe68e1d9b44960767d013e772fecc71da62e56bdc1a9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.lvdfp
binary
MD5: bf81ec0e66fb920517872cfab8c31157
SHA256: a784dbad264626a3ed0643e6ff8f44ab0a495e80675d75748b40da387dfa0a39
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.lvdfp
binary
MD5: ac54f95908f3dc5c7e21988d246d7f36
SHA256: f0e508d391b322cee525bbfbaade62430b7faad7af83480fbd0de4d9f0f969f2
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.lvdfp
binary
MD5: f5395a47ac60e2506c0b8425f362bc96
SHA256: 97d47dbd21f54ebbed46571287956626b5b67bf6ec59239457c907f6d88171be
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.lvdfp
binary
MD5: 6b5dae25c38311b369199c9e8ab439e2
SHA256: e9f76186bd270a239acc099a75f6c6d905ee2b5cefd5420bb73c3efaf760ca8f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.lvdfp
binary
MD5: 24ffb3be3ed9524a9d32d19caa5fd821
SHA256: 63a393ef71213e19f07a9b9955fc9174a8c6d7a2136b8a1b0b34346fd6bdb48a
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences.lvdfp
binary
MD5: 629df8853d4b2e8a353d5926de30eb53
SHA256: ebb71f4fc4f6053cc06dad67cf5d697cf527901cebd703c200e70101bce64262
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.lvdfp
binary
MD5: 772db40996f8d3b2335f0eef44feb696
SHA256: af039fd9a612860110ab2f2a723fc6f82db44328b34d30889640d25bcc26a0f0
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager.lvdfp
binary
MD5: 7cca63450edecc6b786d2ee928f26fe7
SHA256: 9f14a0139cd3efc90499a329139c703938f3c4638655feb68b148f4e037463e7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog.lvdfp
binary
MD5: af719bedba42e89795356720f67334d3
SHA256: 4b7c885e3308c175aeb1e267a8b9523bc8af591b728e16164ee702f7a8b4d901
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.lvdfp
binary
MD5: af1414d6165781a2ae24f1f15511170e
SHA256: c5c02d047359ed4a48f9433e0768f5a9043c2ea984e562045ef9d998c9ef5f86
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog.lvdfp
binary
MD5: e4c58a9a1b260652ca62581f2397d80e
SHA256: f91a366679272fde20485e4885a8aac78ff7d5b642c945ccf9eabcc4954c0eb6
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001.lvdfp
binary
MD5: 3995ecbeb0447aac8d44912aa571fb74
SHA256: 2d11a1bccd164e1b480b926064a84afa3c4939fbe22f9691d7d7bc94dd9f8906
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.lvdfp
binary
MD5: cf2d291ed431895214117931d57d4ffb
SHA256: 6f6556ebc10eb3385c718fb5ee0b0207e91498f79d195321f1d1308debb6bca1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\logs\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old.lvdfp
binary
MD5: 304745b006b7e5a96fdc3beaf2444608
SHA256: 2e74b9579d8b52dafae246c4e7ffa3667c4153a94d34b276025f023f54e2de13
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log.lvdfp
binary
MD5: 779a56098906476df0f4207bedeb3182
SHA256: 994e35ceb70af9a6674e26cb3404eda7bb1ffeebc06cf4ddc4d783513048d712
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT.lvdfp
binary
MD5: 380b85f182529d9eda1ef3773731b68e
SHA256: 90db1a080f5ac78c8258f90cfee6c001539f1aa6da5b905825e01334aacc9a11
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb.lvdfp
binary
MD5: 9979416f550b6a22858427317a8d8df1
SHA256: 82e729c7379dbc813ce21a669ab995ce821e23c3eab3e733752841a526610d43
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.lvdfp
binary
MD5: 40343cc490bdc47a4e082674a73478fb
SHA256: 2f6ee82841fe7366e9fdae76ad90fff368bc5e7af1c2a72096fc9c4da49666bc
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.lvdfp
binary
MD5: 51862cd4ddaeb29efe13dc97fb9773b5
SHA256: 3f26db098a187526a81c1b8c5e144446b4540bb797800d867970d2b9d9354cc5
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.lvdfp
binary
MD5: 03f88b1d7b45420db5820175d9c22030
SHA256: 2bed87b0202b8955254317270ddd87ec4184150425048116e38e663ec9804b85
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.lvdfp
binary
MD5: 28ad366af8220274b040bfb009fe1195
SHA256: a6fa22a4f7fd8315e6559d65671ba821cce313971f344f9f17ddf600c87def16
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.lvdfp
binary
MD5: 417fc71642c8a9eaeb3d6ea0a6c1c41b
SHA256: 721cab926c8c8af27103d7f3f94cca13b5daf902065b6f808d7c26839b8b2d50
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.lvdfp
binary
MD5: 4adca5f3745da32633835551cbaab646
SHA256: afdcab6ce10ee00925f7ba07f15e71b5436c041e9b6f224101ea1e7960ef7a9e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.lvdfp
binary
MD5: de5e7309ce482398683a4fd5629a2a58
SHA256: 5f5e2e6e11a03a64d7d9293d7bf9e778c056487acd29a9ee63d79154bf1c8f23
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.lvdfp
flc
MD5: be8659ce9f33941e5ad1df64c19882ff
SHA256: a18bd6aa1496b8ddd711db1f1c0f629aed84835744ee159375d39c58b97a1cd1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.lvdfp
binary
MD5: a2fa5f1e356aa80e2bf8e57c24540c0a
SHA256: 4657a18aa1ec2975a8868a3415f1dc2d4850e41a29acd2898997c672d7310c0e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.lvdfp
binary
MD5: ee0b82defda5fccd5ad035a0109c65c8
SHA256: 16a7335deba6877d7ec04f185e8ac0ce0c61b191394d206c1758cb9e692351b7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.lvdfp
binary
MD5: f49004df54ec1052607f0ec8ccd82e3d
SHA256: 21014ff83bef34cb2590c080f597f3495196e9467d1b3023b9505e49236edf74
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.lvdfp
binary
MD5: 8e7accf7aa9ae5532f050097b6f0d6c1
SHA256: 28022d54b644368e2a82996e8adcac1fdee22e1dce5258a1042f15c04c0973c9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.lvdfp
binary
MD5: 3638ec71e8d219c8749ceedfb15472be
SHA256: 1878fc53073c3c0d4434914b0489f68fb45e273dd8a0b419930e794d1d731af7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.lvdfp
binary
MD5: 66963f2d57a45a36114aff1eca0b6730
SHA256: 4a97bb46c739599ced8a78895b2b82b65247a82e2a481d4fa04fc794777a8427
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.lvdfp
binary
MD5: aa25767b497fb3c6cd076f5e4558716d
SHA256: 26bd9c0757e5ea690166e6e23e3e0a298d0b2f12a1bbc14e4be85ca0db9b0583
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.lvdfp
binary
MD5: 3c6c69e5a6d0e6cb1e1eb49eb85106b9
SHA256: 0e0b1ddb4555de0bc49834d16f6d6cb59387ce80f2150961d74ec6a509b5df56
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.lvdfp
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.lvdfp
binary
MD5: 788c0e4ed879af7040b2e645c051f77b
SHA256: e66dd4a4416bd5d4d3841df3ca86913ca6a8c860e59d8223318a7ef5f6448729
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.lvdfp
binary
MD5: a02fa9ff80a264bdc87af02423bf6854
SHA256: 0e8dc443721f320171b2b13bad30bb82b356e731092d6f1d75d41799169c5d56
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.lvdfp
binary
MD5: 1b096d0f9448259d967cdf75b5f727f2
SHA256: 53c4acb45205d4dfdd39b5fd53e99719cafaa8df42a74cb65553ae639104aef8
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.lvdfp
binary
MD5: a07fdc0cbb8b21c6d36d6b588f4915d2
SHA256: 1ad83ee2e0ceacd574dc864b38ed0ebbfeca8acf0beb6f13e9c8552279317f82
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.lvdfp
binary
MD5: 29e885006eabd022bd65a3574b921834
SHA256: 430c44c45c81bfbf4591ba3cfaee0d3540688d98335d1563633f5de52db3fd45
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.lvdfp
binary
MD5: d8780ae54ef21f6ce9de9c16f8cf85a0
SHA256: 7a731796d42d8507f298c41f0a9f515c0796b5b28d9d5d8b34c488c71ed1b735
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\8e5c3369-3c3c-43e1-833f-f4cae67310c6.lvdfp
binary
MD5: 98080aa3395df26c53c27ab70c82deae
SHA256: 729ef64aedca610cece2a42a464e8a7e8fc8d76e680b32fe4ce1d80ef003cf65
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\8e5c3369-3c3c-43e1-833f-f4cae67310c6
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.lvdfp
binary
MD5: 106261b49ad8c3ba4541e910fbddbbbf
SHA256: b58412264937da8431857480420f1509e4c75255a22b8321d356cf681acd90a2
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.lvdfp
binary
MD5: 10937ddaa135d64c457d720612cd321c
SHA256: 984158c269e9338171b0e75843124bfe59f96e85271e094a6bd38df1a87c4819
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.lvdfp
binary
MD5: 976d579e84e65a995e6c3a1b6c06f282
SHA256: a999a3afa30bb5e298ed8e7317ac65b630664146d87e73f364d0c91bd0a06e47
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.lvdfp
binary
MD5: 5c4952ecf80f88c9ad56db8e129d46c4
SHA256: 922e80d38f89d73b2ff43259395530fe90c91bc07534a2472a490ac479da9c74
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.lvdfp
binary
MD5: 6181d92651d4eb10ab78c38df389d243
SHA256: a3d765a47e2e1e22e2868910cdc6ad963777f31122560306250a63a9394bfae3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.lvdfp
flc
MD5: 302568ced86b554aa08cc1b549f562b2
SHA256: 9b29608367bbc15e6cab1f14e92fa5475b911a9a3996694576532380a178b1d2
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.lvdfp
binary
MD5: 011e78ed2a64d5a93bcc342b2ba746ee
SHA256: 4c616087cc1b0ceb81782efdf01602a441156dfe28fe09d604dee1ae763cbad8
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.lvdfp
binary
MD5: e15299f38f9f0d557d19a515afb420a0
SHA256: e1bd98890526fa7dc1288c0dd1dd61248558ca9e2df609090e1747a90f1026aa
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.lvdfp
binary
MD5: a8ead6fb61257a096fced3fbc5c7fcb7
SHA256: 42324424284e67b5730b3eefab988c9a3fef9530ab0099635ee0e17890226038
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.lvdfp
binary
MD5: 8033e7f3e13ae4a3b03a929a4987797b
SHA256: 8b62d8d796d21923cf38d8d747cc57dd69c127e473b39156636656f3844c5105
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.lvdfp
binary
MD5: ce6ddbf867b86ce0fbd349c9e4cdfeb9
SHA256: debbacf45fa341640ace36193902f4ee49a361e89ddf5411e5a3687bc0c2ec9d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.lvdfp
binary
MD5: a3b2eb67fb6776ad8e5971f8b7167d0e
SHA256: 849986050b20f4d0e53e7da6c8d432499147551f96952f2f2ee9603d445783d9
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Forms\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.lvdfp
binary
MD5: 60dcb9f700c21aecd4189b180923b9f2
SHA256: 497aea3a113a3224f37b4e92412b353e37ac46df0af4a041379bc692b0c5d49e
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f.lvdfp
binary
MD5: 2605c73ce2dd25044bfb48339f438303
SHA256: c8a2c1374fed7691a5cd6984c506df0d2a613106fc765222755875053adc8d61
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\e3f86d7936454598ef98443d4fd3260d_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.lvdfp
binary
MD5: 19945d84bd3099ed6990cbc908dbcb49
SHA256: 186e45719ffe5b017a0f6ca2c5117a70f27e48bc536ee6171060917945c6fc67
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.lvdfp
binary
MD5: c26bb8560a3b3ab575dda447bab78d66
SHA256: 087c861f1b046a31020b516a09bd6fd58b3e9e7e1b24ee212065e5d6968c2cf6
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.lvdfp
binary
MD5: 9f5ce16c3085d59e3312c75511e4f7ba
SHA256: 73d3f5d1eeeaa5aae2537890672763dceed87c4c69e406d1e88fe22579d700f5
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.lvdfp
binary
MD5: 91d37fd24ca1d04a6c241eda4562e6a9
SHA256: 8773f3fff994cf8e887051e02276ec84815421acde54eec22266616cda248a84
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.lvdfp
binary
MD5: b13175f1fedefe93339457d3feb393cf
SHA256: d788d31a4b62ac25faac9d22da37f517a8046085afb738f08c3e753ae0c6adce
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Identities\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.lvdfp
binary
MD5: bf06bdbb43cb0a486c90d7ea38237093
SHA256: 64d0058c3bd704e6560e98dafcee2357748ee6014c3a3f605b8e8bc838414f86
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\FileZilla\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.lvdfp
binary
MD5: 2660ca897750f2419ae374fe8a470a69
SHA256: b49089fb94061f827cb5c3857d38dda19ed4e130c727791a7bde6d165054dca8
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.lvdfp
binary
MD5: f763957c453f02ead5cf8d6b25929f2f
SHA256: cc0389849536f9ad020e40a0d83a062b9054942f01e9b618c03a9944d4059433
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.lvdfp
binary
MD5: ce4d2ccb4c0bd0aaa76ec9a77f9fa8ee
SHA256: 404f226de9806cb4fe2260f54d9724224836e21b805019e2fc785cb50e2e2c33
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.lvdfp
binary
MD5: b05617163335943799a2d89b41660e1d
SHA256: 56c25c71d6b75e985b54b1cff0ab63acf0ba7735385c977d0d52abe18745f42d
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.lvdfp
binary
MD5: ce7ce42bbb075e31d167eb7c759dc380
SHA256: 46fa1145bd20551c26889cf2900a4a447596556a7b9e69e85b1b25d05dd55874
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.lvdfp
binary
MD5: 3766fdea49953adc9ab895a315f44df6
SHA256: ac438599a7c7a8df595a700ac49ed8237060d2b4cd5bd4b741b62e67665363b1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.lvdfp
binary
MD5: 0ed49ffc410f02b2e9dcdb8bc892c991
SHA256: a6c0a011b1d567b7ce53883638b2bfccb498809d8c8b157fc155d587f1b89e21
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.lvdfp
binary
MD5: ffe485e8038cc0045170bdce2711ff85
SHA256: f1c4eefdc39bb995a6d7af853d0a87e32c2057b122327bd81a646f4d7f99b5a7
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.lvdfp
binary
MD5: 785b1c5f5e6d6b1b405c10b465839e81
SHA256: 5adee0cd1ea796845099617593b95a985cc1f6afc5d76a698b4e4210d0a74498
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.lvdfp
binary
MD5: d76e9fb798679fbf49474db5d6d89b23
SHA256: 22d7a891ec3b386dce8072ce89b38f69b11ccd300eaaaf7527d61083c2c99cb3
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.lvdfp
binary
MD5: fe6ad746bae5350fb7bf07a9d30fbafd
SHA256: 11670bfc5e8e61f97d03e7d7be041d5a02712fa0b535b4613b41439c7782a09f
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
2892
yeZjqHFMWjXi.exe
C:\Users\admin\.oracle_jre_usage\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\LVDFP-DECRYPT.txt
text
MD5: e6c4dc898a61a28bf5bd83a7b4de8d61
SHA256: 3e0d16c2c1d14263d66b61a8f78197e3880b24cc89f1fde4856a119b2c24b403
2892
yeZjqHFMWjXi.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.lvdfp
binary
MD5: 8506cc51c6c5ef29b054f521dafedfcd
SHA256: 92f71cae78541e63fe9cd8f4de02bb59d3c0788c0bdc3c36e44ba730de63cf05
2892
yeZjqHFMWjXi.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFC48597FA443B8577.TMP
binary
MD5: 679672a5004e0af50529f33db5469699
SHA256: 205d000aa762f3a96ac3ad4b25d791b5f7fc8efb9056b78f299f671a02b9fd21
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{34548643-48F5-4E33-9EB0-FCD0B1D44F93}.tmp
binary
MD5: e856c3b18a15817d93b5d217b361d364
SHA256: 80dd0c09510038ed690fbf634488e925b7920150cc47fa41a683a2e951bf999b
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF2293A6EC8EAC38F8.TMP
––
MD5:  ––
SHA256:  ––
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DF298F016DBE48DD26.TMP
––
MD5:  ––
SHA256:  ––
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~DFB1A3790111E2CF63.TMP
––
MD5:  ––
SHA256:  ––
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0B4C83C6-5501-47DD-B1AB-326D74EA6C66}.tmp
smt
MD5: 5d4d94ee7e06bbb0af9584119797b23a
SHA256: 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: f29126f80293e74e6671638c614b41f8
SHA256: f116f2071abd870701308778a4353bbffe3108f8a8260e1a89f0285b8d74f214
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd
tlb
MD5: e4a5a58be4fc5a3898a7a487d0d41223
SHA256: 48a0576055b9b3e52a59ecea08ed756ba9d4c5489b42dbb827a1bc661c51c76e
3008
WINWORD.EXE
C:\Users\admin\AppData\Local\Temp\~$chnungen.doc
pgc
MD5: f01a6a7ad2370af89e2d2737178bdc32
SHA256: 4d3503c8917414adbea50af09d9b59e0cf3b0565ea0889c01d306ae1f12b9d79
3008
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
pgc
MD5: 7bafc70a170eb811a819c2f144a4e4fd
SHA256: 669486c35034ebf5ddc0f7c691028dc76bd5b02d47712efc74e63495e5ae3526
2892
yeZjqHFMWjXi.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 2ff2a79197568496a648094c3113d444
SHA256: b44ab2a0b82f23f0e825be34f66d528e43b7592592fe6ebe80f25a2976656bfb

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
68
TCP/UDP connections
126
DNS requests
58
Threats
30

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3008 WINWORD.EXE GET 200 94.73.146.109:80 http://karbonkoko.com/rundll.exe TR
executable
suspicious
2892 yeZjqHFMWjXi.exe GET –– 78.46.77.98:80 http://www.2mmotorsport.biz/ DE
––
––
malicious
2892 yeZjqHFMWjXi.exe GET –– 217.26.53.161:80 http://www.haargenau.biz/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe POST 404 217.26.53.161:80 http://www.haargenau.biz/content/graphic/sosehedeme.png CH
text
html
malicious
2892 yeZjqHFMWjXi.exe GET 200 74.220.215.73:80 http://www.bizziniinfissi.com/ US
html
malicious
2892 yeZjqHFMWjXi.exe POST 404 74.220.215.73:80 http://www.bizziniinfissi.com/content/pictures/zuim.png US
text
html
malicious
2892 yeZjqHFMWjXi.exe GET 200 136.243.13.215:80 http://www.holzbock.biz/ DE
html
malicious
2892 yeZjqHFMWjXi.exe POST 510 136.243.13.215:80 http://www.holzbock.biz/news/pics/zume.bmp DE
text
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 138.201.162.99:80 http://www.fliptray.biz/ DE
html
malicious
2892 yeZjqHFMWjXi.exe GET 302 192.185.159.253:80 http://www.pizcam.com/ US
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 83.138.82.107:80 http://www.swisswellness.com/ DE
––
––
malicious
2892 yeZjqHFMWjXi.exe GET –– 212.59.186.61:80 http://www.hotelweisshorn.com/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe POST 404 212.59.186.61:80 http://www.hotelweisshorn.com/content/pics/zuthdeka.gif CH
text
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 83.166.138.7:80 http://www.whitepod.com/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 69.16.175.10:80 http://www.hardrockhoteldavos.com/ US
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 104.24.22.22:80 http://www.belvedere-locarno.com/ US
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 80.244.187.247:80 http://www.hotelfarinet.com/ GB
––
––
malicious
2892 yeZjqHFMWjXi.exe GET –– 217.26.53.37:80 http://www.hrk-ramoz.com/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe POST 404 217.26.53.37:80 http://www.hrk-ramoz.com/wp-content/graphic/kada.png CH
text
xml
malicious
2892 yeZjqHFMWjXi.exe GET 301 212.59.186.61:80 http://www.morcote-residenza.com/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 136.243.162.140:80 http://www.seitensprungzimmer24.com/ DE
html
malicious
2892 yeZjqHFMWjXi.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US
compressed
whitelisted
2892 yeZjqHFMWjXi.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DF3C24F9BFD666761B268073FE06D1CC8D4F82A4.crt US
der
whitelisted
2892 yeZjqHFMWjXi.exe GET 302 213.186.33.5:80 http://www.arbezie-hotel.com/ FR
html
malicious
2892 yeZjqHFMWjXi.exe GET 404 213.186.33.50:80 http://www.arbezie.com/static/tmp/memekaesru.gif FR
html
suspicious
2892 yeZjqHFMWjXi.exe GET –– 217.26.55.5:80 http://www.aubergemontblanc.com/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe POST –– 217.26.55.5:80 http://www.aubergemontblanc.com/static/images/memoimeska.bmp CH
text
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 200 93.88.241.198:80 http://www.torhotel.com/ CH
html
malicious
2892 yeZjqHFMWjXi.exe POST 404 93.88.241.198:80 http://www.torhotel.com/news/image/imrumoam.bmp CH
text
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 83.137.114.198:80 http://www.alpenlodge.com/ AT
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 79.170.40.230:80 http://www.aparthotelzurich.com/ GB
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 199.34.228.70:80 http://www.bnbdelacolline.com/ US
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 80.74.144.93:80 http://www.elite-hotel.com/ CH
html
malicious
2892 yeZjqHFMWjXi.exe GET 302 213.186.33.17:80 http://www.bristol-adelboden.com/ FR
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 94.126.23.52:80 http://www.nationalzermatt.com/ CH
html
malicious
2892 yeZjqHFMWjXi.exe GET –– 52.51.32.94:80 http://www.waageglarus.com/ IE
––
––
malicious
2892 yeZjqHFMWjXi.exe POST 403 52.51.32.94:80 http://www.waageglarus.com/includes/tmp/sorumo.png IE
text
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 217.26.52.10:80 http://www.limmathof.com/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 217.26.60.27:80 http://www.apartmenthaus.com/ CH
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 80.74.145.65:80 http://www.berginsel.com/ CH
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 52.210.177.133:80 http://www.chambre-d-hote-chez-fleury.com/ IE
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 301 63.33.82.40:80 http://www.hotel-blumental.com/ US
––
––
malicious
2892 yeZjqHFMWjXi.exe GET 302 157.240.1.35:80 http://www.facebook.com/ US
––
––
whitelisted
2892 yeZjqHFMWjXi.exe GET 301 173.212.202.129:80 http://www.la-fontaine.com/ DE
html
malicious
2892 yeZjqHFMWjXi.exe GET 301 63.33.82.40:80 http://www.mountainhostel.com/ US