Техническая информация
Для обеспечения автозапуска и распространения
Устанавливает следующие настройки сервисов
- [HKLM\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
Создает следующие файлы на съемном носителе
- <Имя диска съемного носителя>:\rsakey-mj-mk9647023851.key
- <Имя диска съемного носителя>:\dectryption-guide.txt
- <Имя диска съемного носителя>:\dial.bmp.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- <Имя диска съемного носителя>:\delete.avi.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- <Имя диска съемного носителя>:\correct.avi.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- <Имя диска съемного носителя>:\dashborder_192.bmp.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- <Имя диска съемного носителя>:\toolbar.bmp.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- <Имя диска съемного носителя>:\join.avi.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- <Имя диска съемного носителя>:\coffee.bmp.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
Вредоносные функции
Запускает на исполнение
- '%WINDIR%\syswow64\net.exe' stop MSDTC
- '%WINDIR%\syswow64\net.exe' stop SQLSERVERAGENT
- '%WINDIR%\syswow64\net.exe' stop MSSQLSERVER
- '%WINDIR%\syswow64\net.exe' stop vds
- '%WINDIR%\syswow64\netsh.exe' advfirewall set currentprofile state off
- '%WINDIR%\syswow64\netsh.exe' firewall set opmode mode=disable
- '%WINDIR%\syswow64\net.exe' stop SQLWriter
- '%WINDIR%\syswow64\net.exe' stop SQLBrowser
- '%WINDIR%\syswow64\net.exe' stop MSSQL$CONTOSO1
Изменения в файловой системе
Создает следующие файлы
- %ALLUSERSPROFILE%\idk.txt
- %CommonProgramFiles%\microsoft shared\themes14\deepblue\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\deepblue\deepblue.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\deepblue\deepblue.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\plugin2\npjp2.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\concrete\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\concrete\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\concrete\concrete.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\concrete\concrete.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\compass\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\compass\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\t2k.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\ssv.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\compass\compass.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\compass\compass.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\cascade\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\cascade\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\cascade\cascade.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\cascade\cascade.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\capsules\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\splashscreen.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\capsules\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\capsules\capsules.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\capsules\capsules.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\deepblue\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\echo\echo.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\echo\echo.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\echo\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ice\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ice\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ice\ice.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\sunjce_provider.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ice\ice.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\expeditn\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\expeditn\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\expeditn\expeditn.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\expeditn\expeditn.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\evrgreen\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\evrgreen\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\cmm\pycc.pf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\evrgreen\evrgreen.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\evrgreen\evrgreen.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\edge\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\edge\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\edge\edge.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\edge\edge.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\eclipse\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\jfr.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\eclipse\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\eclipse\eclipse.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\eclipse\eclipse.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\echo\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\indust\indust.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\lcms.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\javafx_font_t2k.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\canyon\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blends\blends.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\microsoft analysis services\as oledb\10\msolui100.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\axis\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\axis\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\axis\axis.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\axis\axis.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\arctic\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\java.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\arctic\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\arctic\arctic.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\fonts\lucidasansdemibold.ttf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\arctic\arctic.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\aftrnoon\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\aftrnoon\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\aftrnoon\aftrnoon.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\glass.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\aftrnoon\aftrnoon.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\themes.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\access-bridge-64.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\textconv\wks9pxy.cnv.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\textconv\recovr32.cnv.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\fonts\lucidabrightregular.ttf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\textconv\msconv97.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blends\blends.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blends\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blends\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\canyon\canyon.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\kcms.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\canyon\canyon.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\breeze\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\breeze\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\breeze\breeze.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\jp2ssv.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\glib-lite.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\breeze\breeze.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\boldstri\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\boldstri\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\boldstri\boldstri.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\boldstri\boldstri.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\jp2iexp.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blueprnt\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blueprnt\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blueprnt\blueprnt.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\blueprnt\blueprnt.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\bluecalm\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\jdwp.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\bluecalm\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\bluecalm\bluecalm.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\deploy.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\bluecalm\bluecalm.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\canyon\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\quad\quad.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\vbob6.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\indust\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\spring\spring.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\spring\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sonora\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sonora\sonora.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sonora\sonora.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sonora\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\slate\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\slate\slate.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\slate\slate.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\slate\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sky\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sky\sky.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sky\sky.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sky\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\satin\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\satin\satin.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\satin\satin.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\satin\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\rmnsque\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\rmnsque\rmnsque.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\rmnsque\rmnsque.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\rmnsque\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ripple\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\spring\spring.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\spring\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\strtedge\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\strtedge\strtedge.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\vbhw6.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\vbendf98.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\vbcn6.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\translat\msb1xtor.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\translat\msb1cach.lex.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\watermar\watermar.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\watermar\watermar.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\watermar\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\watermar\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\water\water.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\microsoft office\clipart\pub60cor\na01421_.wmf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\water\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\water\water.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\water\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sumipntg\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sumipntg\sumipntg.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sumipntg\sumipntg.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\sumipntg\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\studio\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\studio\studio.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\studio\studio.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\studio\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\strtedge\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\strtedge\strtedge.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\indust\indust.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\stationery\desktop.ini.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ripple\ripple.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ripple\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\network\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\network\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\network\network.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\network\network.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\level\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\level\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\level\level.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\level\level.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\fonts\lucidatypewriterbold.ttf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\layers\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\layers\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\layers\layers.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\layers\layers.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\journal\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\journal\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\journal\journal.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\journal\journal.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\iris\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\iris\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\iris\iris.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\sunpkcs11.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\iris\iris.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\indust\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\papyrus\papyrus.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\papyrus\papyrus.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\papyrus\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\papyrus\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ricepapr\ricepapr.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ricepapr\ricepapr.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ricepapr\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\refined\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\refined\refined.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\refined\refined.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\refined\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\radial\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\radial\radial.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\radial\radial.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\radial\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\jsse.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\quad\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\quad\quad.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\quad\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\profile\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\profile\profile.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\profile\profile.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\profile\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\pixel\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\pixel\preview.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\pixel\pixel.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\pixel\pixel.elm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\fonts\lucidatypewriterregular.ttf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ricepapr\thmbnail.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\themes14\ripple\ripple.inf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\lists\1033\time.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\outlook.en-us\outlookmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\pictim32.flt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\ms.wpg.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\ms.png.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\ms.jpg.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\ms.gif.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\ms.eps.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\ms.cgm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\cgmimp32.cfg.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\help\msitss55.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\filters\msgfilt.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\wpgimp32.flt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\euro\msoeuro.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\png32.flt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\equation\1033\eeintl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\equation\mtextra.ttf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe.manifest.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\equation\eqnedt32.cnt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\designer\msaddndr.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\jpegim32.flt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\desktop.ini.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\accessmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\gifimp32.flt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\msclientdatamgr\mscdm.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\aceoledb.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\acetxt.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\aceerr.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\ophproxy.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\offrel.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\muoptin.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\muauth.cab.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\fstock.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\msoxmlmf.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\oarpmany.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\aceodbc.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\fplace.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\msoxmled.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\msoxev.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\osetupui.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\acer3x.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\exp_xps.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\alrtintl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\liclua.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\aceexch.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\exp_pdf.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\aceintl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\acerclr.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\aceodtxt.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\aceodexl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\aceoddbs.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\fltldr.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\acexbe.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\accessmuiset.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\1033\dwintl20.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\shellui.mst.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publishermui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\proplusww.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\ose.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- D:\dectryption-guide.txt
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\kms\kms_vl_all_aio_debug.log.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- D:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\kms\kms_vl_all_aio.cmd.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- D:\install.log.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\dectryption-guide.txt
- C:\$recycle.bin\s-1-5-21-1238866942-1249195528-555854008-1000\desktop.ini.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- D:\rsakey-mj-mk9647023851.key
- %ALLUSERSPROFILE%\rsakey.key
- %ALLUSERSPROFILE%\prvkey.txt
- %ALLUSERSPROFILE%\pkey.txt
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\grphflt\cgmimp32.flt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\pss10r.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\equation\eqnedt32.hlp.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemuiset.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\branding.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\microsoft.vc90.crt.manifest.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwtrig20.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwdcw20.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovemui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onenotemui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\infopathmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\osetupui.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\branding.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\office32mui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\promointl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\fontmanager.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\vbajet32.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\osppwmi.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\ospprearm.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\translat\esen\msb1esen.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\fxplugins.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\fm20.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\osppc.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\word.en-us\wordmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\word.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\publisher.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\publisher.en-us\publishermui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proplus\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\translat\wtsp61ms.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proplus\proplusww.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proofing.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proofing.en-us\proofing.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\dcpr.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.fr\proof.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.es\proof.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.en\proof.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\powerpoint.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\powerpoint.en-us\powerpointmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\outlook.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\hprof.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\vbui6.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\osppwmi.mof.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\java.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\wsdetect.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\lists\1033\stocks.dat.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\lists\1033\phone.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\lists\1033\dates.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\1033\stintl.dll.idx_dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\1033\stintl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\1033\mcabout.htm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\unpack200.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\smarttaginstall.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\javaws.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\mstag.tlb.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\metconv.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\prism_d3d.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\proof\mslid.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\jpeg.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\system\ole db\xmlrw.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\imcontact.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vsto\10.0\vstoloader.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\jli.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\fdate.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\javacpl.cpl.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\fbiblio.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\translat\fren\msb1fren.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\branding.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\proof\mswds_fr.lex.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\lists\1033\stocks.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\odeploy.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\onenote.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\excel.en-us\excelmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\vbe7intl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\accessmuiset.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\accessmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\pkeyconfig.companion.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\osetupps.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\ietag.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\expsrv.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\translat\msb1core.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\xlsrvintl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\readme.htm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\oarpmanr.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\proof\mswds_en.lex.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\mssoapr3.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\msointl.dll.idx_dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\fperson.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\acerecr.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\1033\aceodbci.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\textconv\wpft532.cnv.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\wisc30.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\source engine\ose.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\acewss.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\excel.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\groove.en-us\groovemui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\groove.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\infopath.en-us\infopathmui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.ww\office32ww.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.en-us\office32mui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\thirdpartylicensereadme.txt.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\translat\msb1star.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\setup.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\pss10r.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\mofl.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\pss10o.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\system\ole db\xmlrwbin.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\optinps.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\psconfig.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\officemuiset.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\officemui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\web server extensions\14\bin\1033\fpext.msg.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\textconv\wpft632.cnv.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\msoicons.exe.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\oct.chm.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\proof\mswds_es.lex.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vsto\vstoee.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\smart tag\lists\basmla.xsl.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\branding.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\infopath.en-us\setup.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\onenote.en-us\onenotemui.xml.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %CommonProgramFiles%\microsoft shared\vsto\vstoee100.tlb.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
Перемещает следующие файлы
- %ProgramFiles%\java\jre1.8.0_45\bin\gstreamer-lite.dll в %ProgramFiles%\java\jre1.8.0_45\bin\gstreamer-lite.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\microsoft analysis services\as oledb\10\msmdlocal.dll в %ProgramFiles%\microsoft analysis services\as oledb\10\msmdlocal.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\microsoft analysis services\as oledb\10\resources\1033\msmdsrv.rll в %ProgramFiles%\microsoft analysis services\as oledb\10\resources\1033\msmdsrv.rll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\nashorn.jar в %ProgramFiles%\java\jre1.8.0_45\lib\ext\nashorn.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\localedata.jar в %ProgramFiles%\java\jre1.8.0_45\lib\ext\localedata.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\jfxrt.jar в %ProgramFiles%\java\jre1.8.0_45\lib\ext\jfxrt.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\fonts\lucidasansregular.ttf в %ProgramFiles%\java\jre1.8.0_45\lib\fonts\lucidasansregular.ttf.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\ext\cldrdata.jar в %ProgramFiles%\java\jre1.8.0_45\lib\ext\cldrdata.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\rt.jar в %ProgramFiles%\java\jre1.8.0_45\lib\rt.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\resources.jar в %ProgramFiles%\java\jre1.8.0_45\lib\resources.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\plugin.jar в %ProgramFiles%\java\jre1.8.0_45\lib\plugin.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\deploy.jar в %ProgramFiles%\java\jre1.8.0_45\lib\deploy.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\charsets.jar в %ProgramFiles%\java\jre1.8.0_45\lib\charsets.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\lib\javaws.jar в %ProgramFiles%\java\jre1.8.0_45\lib\javaws.jar.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\server\jvm.dll в %ProgramFiles%\java\jre1.8.0_45\bin\server\jvm.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\dtplugin\npdeployjava1.dll в %ProgramFiles%\java\jre1.8.0_45\bin\dtplugin\npdeployjava1.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\plugin2\msvcr100.dll в %ProgramFiles%\java\jre1.8.0_45\bin\plugin2\msvcr100.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\dtplugin\deployjava1.dll в %ProgramFiles%\java\jre1.8.0_45\bin\dtplugin\deployjava1.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\msvcr100.dll в %ProgramFiles%\java\jre1.8.0_45\bin\msvcr100.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\mlib_image.dll в %ProgramFiles%\java\jre1.8.0_45\bin\mlib_image.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\jfxwebkit.dll в %ProgramFiles%\java\jre1.8.0_45\bin\jfxwebkit.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\java\jre1.8.0_45\bin\awt.dll в %ProgramFiles%\java\jre1.8.0_45\bin\awt.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\microsoft analysis services\as oledb\10\msmgdsrv.dll в %ProgramFiles%\microsoft analysis services\as oledb\10\msmgdsrv.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
- %ProgramFiles%\microsoft analysis services\as oledb\10\msolap100.dll в %ProgramFiles%\microsoft analysis services\as oledb\10\msolap100.dll.[mj-mk9647023851](sunjun3412@onionmail.org).sunjn
Изменяет следующие файлы
- D:\install.log
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.xml
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excellr.cab
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publishermui.xml
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\setup.xml
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\propsww2.cab
- <Имя диска съемного носителя>:\toolbar.bmp
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml
- <Имя диска съемного носителя>:\dashborder_192.bmp
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\propsww.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\proplusww.msi
- <Имя диска съемного носителя>:\correct.avi
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\setup.xml
- <Имя диска съемного носителя>:\delete.avi
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\owow32ww.cab
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\proplusww.xml
- <Имя диска съемного носителя>:\dial.bmp
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi
- C:\kms\kms_vl_all_aio_debug.log
- C:\kms\kms_vl_all_aio.cmd
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.msi
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.msi
Изменяет множество файлов.
Изменяет множество файлов пользовательских данных (Trojan.Encoder).
Сетевая активность
Подключается к
- 'localhost':49183
- 'localhost':49185
- 'ap#.#pify.org':443
TCP
Другие
- 'localhost':49183
- 'localhost':49185
- 'localhost':49186
- 'ap#.#pify.org':443
UDP
- DNS ASK ap#.#pify.org
- 'localhost':65009
- 'localhost':59147
Другое
Запускает на исполнение
- '%WINDIR%\syswow64\cmd.exe' /c net stop MSDTC
- '%WINDIR%\syswow64\net1.exe' stop SQLBrowser
- '%WINDIR%\syswow64\cmd.exe' /c net stop SQLBrowser
- '%WINDIR%\syswow64\net1.exe' stop SQLWriter
- '%WINDIR%\syswow64\cmd.exe' /c net stop SQLWriter
- '%WINDIR%\syswow64\cmd.exe' /c netsh firewall set opmode mode=disable
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall set currentprofile state off
- '%WINDIR%\syswow64\net1.exe' stop vds
- '%WINDIR%\syswow64\cmd.exe' /c net stop MSSQL$CONTOSO1
- '%WINDIR%\syswow64\cmd.exe' /c net stop vds
- '%WINDIR%\syswow64\cmd.exe' /c net stop MSSQLSERVER
- '%WINDIR%\syswow64\net1.exe' stop SQLSERVERAGENT
- '%WINDIR%\syswow64\cmd.exe' /c net stop SQLSERVERAGENT
- '%WINDIR%\syswow64\cmd.exe' /c wbadmin delete catalog -quiet
- '%WINDIR%\syswow64\cmd.exe' /c bcdedit /set {default} recoveryenabled no
- '%WINDIR%\syswow64\cmd.exe' /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
- '%WINDIR%\syswow64\net1.exe' stop MSDTC
- '%WINDIR%\syswow64\net1.exe' stop MSSQLSERVER
- '%WINDIR%\syswow64\net1.exe' stop MSSQL$CONTOSO1
