Trojan.AutoIt.SONBOKLI.USXVPAE20

2020年4月25日

別名:

Ransomware-GVY!293453E61363 (McAfee); Trojan.Win32.Zenpak.tno (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt)

プラットフォーム:

Windows

危険度:

ダメージ度:

感染力:

感染確認数:

マルウェアタイプ: トロイの木馬型
破壊活動の有無: なし
暗号化:
感染報告の有無: はい

概要

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

詳細

ファイルサイズ 235,008 bytes

タイプ EXE

メモリ常駐はい

発見日 2020年4月25日

侵入方法

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

マルウェアは、以下のプロセスを追加します。

cmd.exe /c vssadmin resize shadowstorage /for=A: /on=A: /maxsize=401MB
cmd.exe /c vssadmin resize shadowstorage /for=A: /on=A: /maxsize=unbounded
cmd.exe /c vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=401MB
cmd.exe /c vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=unbounded
cmd.exe /c vssadmin resize shadowstorage /for=F: /on=F: /maxsize=401MB
cmd.exe /c vssadmin resize shadowstorage /for=F: /on=F: /maxsize=unbounded
cmd.exe /c taskkill /f /im sql.* & taskkill /f /im winword.* & taskkill /f /im wordpad.* & taskkill /f /im outlook.* & taskkill /f /im thunderbird.* & taskkill /f /im oracle.* & taskkill /f /im excel.* & taskkill /f /im onenote.* & taskkill /f /im virtualboxvm.* & taskkill /f /im node.* & taskkill /f /im QBW32.* & taskkill /f /im WBGX.* & taskkill /f /im Teams.* & taskkill /f /im Flow.*
cmd.exe /c net stop DbxSvc & net stop OracleXETNSListener & net stop OracleServiceXE & net stop AcrSch2Svc & net stop AcronisAgent & net stop Apache2.4 & net stop SQLWriter & net stop MSSQL$SQLEXPRESS & net stop MSSQLServerADHelper100 & net stop MongoDB & net stop SQLAgent$SQLEXPRESS & net stop SQLBrowser & net stop CobianBackup11 & net stop cbVSCService11 & net stop QBCFMontorService & net stop QBVSS
cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet & wmic shadowcopy delete
powershell.exe -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
vssadmin resize shadowstorage /for=A: /on=A: /maxsize=401MB
vssadmin resize shadowstorage /for=A: /on=A: /maxsize=unbounded
vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=401MB
vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=unbounded
vssadmin resize shadowstorage /for=F: /on=F: /maxsize=401MB
vssadmin resize shadowstorage /for=F: /on=F: /maxsize=unbounded
taskkill /f /im sql.*
taskkill /f /im winword.*
taskkill /f /im wordpad.*
taskkill /f /im outlook.*
taskkill /f /im thunderbird.*
taskkill /f /im oracle.*
taskkill /f /im excel.*
taskkill /f /im onenote.*
taskkill /f /im virtualboxvm.*
taskkill /f /im node.*
taskkill /f /im QBW32.*
taskkill /f /im WBGX.*
taskkill /f /im Teams.*
taskkill /f /im Flow.*
%System%\Wbem\WMIC.exe wmic shadowcopy delete

(註：%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %System%フォルダは、システムフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows\System32" です。.)

自動実行方法

マルウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
daite drobovik = "{malware file path and name}"

他のシステム変更

マルウェアは、以下のファイルを改変します。

%System Root%\pagefile.sys
%System Root%\Python27\include\pymath.h
%System Root%\Python27\Lib\ctypes\test\test_python_api.py
%System Root%\Python27\include\funcobject.h
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py
%System Root%\Python27\Lib\commands.py
%System Root%\Python27\include\bytearrayobject.h
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py
%System Root%\Python27\include\errcode.h
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py
%System Root%\Python27\Lib\ctypes\macholib\dyld.py
%System Root%\Python27\include\graminit.h
%System Root%\Python27\Lib\compiler\syntax.py
%System Root%\Python27\include\node.h
%System Root%\Python27\include\opcode.h
F:\data\dolist.txt
%System Root%\Python27\include\enumobject.h
%System Root%\Python27\include\bytesobject.h
%System Root%\Python27\Lib\bsddb\test\test_join.py
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py
%System Root%\Python27\Lib\ctypes\test\test_pickling.py
%System Root%\Python27\Lib\cProfile.py
%System Root%\Python27\Lib\ctypes\test\test_repr.py
%System Root%\Python27\Lib\copy.py
%System Root%\Python27\Lib\ConfigParser.pyc
%System Root%\powerpoint2k\PPT2KE03.ppt
%System Root%\Python27\include\pystrcmp.h
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py
%System Root%\Python27\Lib\compiler\misc.py
%System Root%\Python27\Doc\python2715.chm
%System Root%\Python27\include\cStringIO.h
%System Root%\Python27\Lib\asynchat.py
%System Root%\Python27\Lib\atexit.pyc
%System Root%\Python27\Lib\ctypes\test\test_anon.py
%System Root%\powerpoint2k\PPT2KExx.PPT
%System Root%\powerpoint2k\PPT2KE04.ppt
%System Root%\Python27\Lib\abc.pyc
%System Root%\Python27\Lib\codecs.py
%System Root%\Python27\include\bytes_methods.h
%System Root%\Python27\Lib\csv.py
%System Root%\Python27\include\objimpl.h
%System Root%\Python27\include\parsetok.h
%System Root%\Python27\include\Python.h
%System Root%\Python27\Lib\bsddb\test\test_get_none.py
%System Root%\Python27\Lib\anydbm.py
%System Root%\Python27\include\iterobject.h
%System Root%\Python27\Lib\ConfigParser.py
%System Root%\Python27\Lib\ctypes\test\test_find.py
%System Root%\Python27\include\compile.h
%System Root%\Python27\Lib\bsddb\test\__init__.py
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py
F:\data\tmp.doc
%System Root%\Python27\Lib\compiler\consts.py
%System Root%\excel2k\XLS2KExx.xls
%System Root%\Python27\Lib\compiler\visitor.py
%System Root%\Python27\Lib\bsddb\test\test_associate.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py
%System Root%\Python27\include\warnings.h
%System Root%\Python27\Lib\audiodev.py
%System Root%\Python27\Lib\cookielib.py
%System Root%\Python27\include\longobject.h
%System Root%\Python27\include\methodobject.h
%System Root%\Python27\include\timefuncs.h
%System Root%\Python27\include\datetime.h
%System Root%\Python27\Lib\compileall.pyc
%System Root%\Python27\include\pyarena.h
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py
%System Root%\Python27\Lib\Cookie.py
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py
%System Root%\Python27\include\modsupport.h
%System Root%\Python27\include\eval.h
%System Root%\Python27\Lib\bsddb\test\test_sequence.py
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py
%System Root%\Python27\include\pyport.h
%System Root%\Python27\Lib\ctypes\test\test_cast.py
%System Root%\Python27\include\codecs.h
%System Root%\Python27\include\unicodeobject.h
%System Root%\Python27\Lib\calendar.pyc
%System Root%\Python27\include\pythonrun.h
%System Root%\excel2k\XLS2KE03.xls
%System Root%\Python27\Lib\asyncore.py
%System Root%\Python27\include\traceback.h
%System Root%\Python27\DLLs\_msi.pyd
%System Root%\Python27\include\dtoa.h
%System Root%\Python27\include\pymactoolbox.h
%System Root%\Python27\Lib\chunk.py
%System Root%\Python27\DLLs\_elementtree.pyd
%System Root%\Python27\Lib\ctypes\test\test_functions.py
%System Root%\excel2k\XLS2KE00.xlt
%System Root%\Python27\DLLs\unicodedata.pyd
%System Root%\Python27\Lib\bsddb\dbtables.py
%System Root%\Python27\Lib\bsddb\test\test_pickle.py
%System Root%\Python27\DLLs\_multiprocessing.pyd
%System Root%\Python27\include\stringobject.h
%System Root%\Python27\include\pymem.h
%System Root%\Email and Password List.htm
%System Root%\Python27\Lib\bsddb\test\test_all.py
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py
%System Root%\Python27\include\ast.h
%System Root%\Python27\Lib\csv.pyc
%System Root%\Python27\Lib\aifc.py
%System Root%\Python27\Lib\cmd.py
%System Root%\Python27\DLLs\_sqlite3.pyd
%System Root%\Python27\include\descrobject.h
%System Root%\Python27\include\longintrepr.h
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py
%System Root%\Python27\Lib\cgitb.py
%System Root%\Python27\Lib\bsddb\test\test_recno.py
%System Root%\Python27\Lib\CGIHTTPServer.py
%System Root%\Python27\Lib\compileall.py
%System Root%\Python27\Lib\ctypes\test\runtests.py
%System Root%\Python27\include\asdl.h
%System Root%\Python27\Lib\compiler\pycodegen.py
%System Root%\Python27\include\complexobject.h
%System Root%\Python27\Lib\ctypes\test\test_delattr.py
%System Root%\Python27\Lib\bsddb\__init__.py
%System Root%\Python27\Lib\cgi.py
%System Root%\excel2k\XLS2KE02.xls
%System Root%\Python27\Lib\base64.pyc
%System Root%\Python27\Lib\BaseHTTPServer.pyc
%System Root%\Python27\Lib\ctypes\test\test_random_things.py
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py
%System Root%\Python27\Lib\base64.py
%System Root%\Python27\Lib\codeop.py
%System Root%\Python27\Lib\bsddb\test\test_misc.py
%System Root%\Python27\Lib\contextlib.pyc
%System Root%\Python27\Lib\ctypes\test\test_init.py
%System Root%\Python27\include\pyctype.h
%System Root%\Python27\include\cobject.h
%System Root%\Python27\Lib\ctypes\test\test_pointers.py
%System Root%\Python27\include\code.h
%System Root%\excel2k\XLS2KE01.xls
%System Root%\Python27\Lib\ctypes\test\test_errno.py
%System Root%\Python27\Lib\ctypes\test\test_macholib.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py
%System Root%\Python27\include\dictobject.h
%System Root%\Python27\include\moduleobject.h
%System Root%\Python27\include\structmember.h
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py
%System Root%\Python27\Lib\atexit.py
%System Root%\Python27\Lib\calendar.py
%System Root%\Python27\Lib\bsddb\dbrecio.py
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py
%System Root%\Python27\Lib\bsddb\dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py
%System Root%\Python27\include\osdefs.h
%System Root%\Python27\Lib\ctypes\test\test_parameters.py
%System Root%\Python27\Lib\compiler\__init__.py
%System Root%\Python27\Lib\ctypes\test\test_arrays.py
%System Root%\Python27\Lib\compiler\pyassem.py
%System Root%\Python27\DLLs\_testcapi.pyd
%System Root%\Python27\include\pyconfig.h
%System Root%\Email and Password List.js
%System Root%\Python27\Lib\ctypes\macholib\framework.py
%System Root%\Python27\include\symtable.h
%System Root%\Python27\Lib\ctypes\macholib\__init__.py
%System Root%\Python27\include\pyexpat.h
%System Root%\Python27\include\tupleobject.h
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py
%System Root%\Python27\Lib\bsddb\test\test_compare.py
%System Root%\Python27\include\pyfpe.h
%System Root%\Python27\Lib\bdb.py
%System Root%\Python27\Lib\binhex.py
%System Root%\Python27\Lib\code.py
%System Root%\Python27\Lib\bsddb\test\test_db.py
%System Root%\powerpoint2k\PPT2KE01.ppt
%System Root%\Python27\include\listobject.h
%System Root%\Python27\include\pythread.h
%System Root%\Python27\Lib\bsddb\dbobj.py
%System Root%\Python27\include\pgenheaders.h
%System Root%\Python27\Lib\argparse.pyc
%System Root%\Python27\DLLs\_ctypes_test.pyd
%System Root%\Python27\Lib\compiler\symbols.py
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py
%System Root%\Python27\include\intobject.h
%System Root%\Email and Password List.vbs
%System Root%\Python27\Lib\collections.py
%System Root%\Python27\include\memoryobject.h
%System Root%\Python27\Lib\bsddb\test\test_queue.py
%System Root%\Python27\Lib\bsddb\test\test_basics.py
%System Root%\Python27\Lib\Cookie.pyc
%System Root%\Python27\include\ucnhash.h
%System Root%\Python27\include\pystrtod.h
%System Root%\Python27\Lib\ctypes\test\test_sizes.py
%System Root%\Python27\Lib\bsddb\dbutils.py
%System Root%\Python27\DLLs\winsound.pyd
%System Root%\Python27\include\classobject.h
%System Root%\Python27\include\intrcheck.h
%System Root%\Python27\include\sysmodule.h
%System Root%\Python27\Lib\copy_reg.pyc
%System Root%\Python27\Lib\bisect.py
%System Root%\Python27\Lib\ctypes\test\test_loading.py
F:\data\photos\stunning.jpg
%System Root%\Python27\include\bufferobject.h
%System Root%\Python27\include\ceval.h
%System Root%\Python27\Lib\bsddb\test\test_fileid.py
%System Root%\Python27\DLLs\py.ico
%System Root%\Python27\include\floatobject.h
%System Root%\Python27\include\token.h
%System Root%\Python27\Lib\argparse.py
%System Root%\Email and Password List.txt
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py
%System Root%\Python27\Lib\antigravity.py
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py
%System Root%\Python27\include\rangeobject.h
%System Root%\Python27\Lib\Bastion.py
%System Root%\Python27\Lib\ctypes\test\test_objects.py
%System Root%\powerpoint2k\PPT2KE05.ppt
%System Root%\Python27\include\sliceobject.h
%System Root%\Python27\include\weakrefobject.h
%System Root%\Python27\Lib\compiler\ast.py
%System Root%\Python27\include\Python-ast.h
%System Root%\excel2k\XLS2KE05.xls
%System Root%\Python27\Lib\ctypes\test\test_numbers.py
%System Root%\Python27\Lib\abc.py
%System Root%\Python27\Lib\BaseHTTPServer.py
%System Root%\powerpoint2k\PPT2KE02.ppt
%System Root%\Python27\include\fileobject.h
%System Root%\Python27\include\patchlevel.h
%System Root%\Python27\include\bitset.h
%System Root%\Python27\include\boolobject.h
%System Root%\Python27\include\setobject.h
%System Root%\Python27\Lib\bsddb\test\test_compat.py
%System Root%\Python27\Lib\bsddb\test\test_thread.py
%System Root%\Python27\Lib\codecs.pyc
%System Root%\Python27\Lib\compiler\future.py
%System Root%\Python27\Lib\ast.py
%System Root%\Python27\Lib\bisect.pyc
%System Root%\Python27\DLLs\pyc.ico
%System Root%\Python27\include\pyerrors.h
%System Root%\Python27\include\pystate.h
%System Root%\Python27\include\py_curses.h
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py
%System Root%\Python27\Lib\bsddb\test\test_replication.py
F:\data\photos\long_exposure.jpg
%System Root%\Python27\include\abstract.h
%System Root%\Python27\include\marshal.h
%System Root%\Python27\Lib\copy_reg.py
%System Root%\Python27\include\object.h
%System Root%\Python27\include\cellobject.h
%System Root%\Python27\include\pydebug.h
%System Root%\Python27\include\pgen.h
%System Root%\Python27\Lib\bsddb\test\test_lock.py
%System Root%\excel2k\XLS2KE04.xls
%System Root%\Python27\include\pycapsule.h
%System Root%\Python27\Lib\cookielib.pyc
%System Root%\Python27\Lib\cgi.pyc
%System Root%\Python27\Lib\compiler\transformer.py
%System Root%\Python27\include\pymacconfig.h
%System Root%\Python27\Lib\collections.pyc
%System Root%\Python27\Lib\contextlib.py
%System Root%\Python27\DLLs\_tkinter.pyd
%System Root%\Python27\Lib\ctypes\test\test_internals.py
%System Root%\Python27\DLLs\_bsddb.pyd
F:\wlines.zip
%System Root%\Python27\include\import.h
%System Root%\Python27\Lib\bsddb\db.py
%System Root%\powerpoint2k\PPT2KE00.pot
%System Root%\Python27\include\pygetopt.h
%System Root%\Python27\Lib\copy.pyc
%System Root%\Python27\Lib\colorsys.py
%System Root%\Python27\Lib\bsddb\test\test_early_close.py
%System Root%\Python27\Lib\ctypes\macholib\dylib.py
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py
%System Root%\Python27\include\metagrammar.h
%System Root%\Python27\include\structseq.h
%System Root%\Python27\include\genobject.h
%System Root%\Python27\include\grammar.h
%System Root%\Python27\include\frameobject.h

(註：%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.)

マルウェアは、以下のファイルを削除します。

\{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\tasks.xml
\{computername}\Users\{username}\Searches\Indexed Locations.search-ms
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\folder.ico
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_settings.ico
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\en-US\resource.xml
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi
\{computername}\Users\{username}\usb_drive.img
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi
\{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
\{computername}\Users\{username}\Desktop\Transmag.doc
\{computername}\Users\{username}\Desktop\note.txt
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico
\{computername}\Users\{username}\Documents\agent.pyw
\{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc
\{computername}\Users\{username}\Desktop\Email and Password List.txt
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt
\{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Searches\Everywhere.search-ms
\{computername}\Users\{username}\Desktop\AAljoOV.jpg
\{computername}\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat
\{computername}\Users\All Users\McAfee\WinCore\persist.mtk
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\pictures.ico
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_resources.xss
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls
\{computername}\Users\All Users\Microsoft\IlsCache\ilrcache.xml
\{computername}\Users\{username}\Documents\Email and Password List.htm
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\resource.xml
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\settings.ico
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_pref.ico
\{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020099.msp
\{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat
\{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt
\{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
\{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc
\{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_queue.ico
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_property.ico
\{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT
\{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc
\{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc
\{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\sync.ico
%System Root%/pagefile.sys
\{computername}\Users\{username}\Documents\Email and Password List.vbs
\{computername}\Users\{username}\Desktop\Email and Password List.js
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg
\{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot
\{computername}\Users\{username}\ntuser.dat.LOG1
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT
\{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc
\{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Documents\Email and Password List.txt
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\ringtones.ico
\{computername}\Users\{username}\Documents\Email and Password List.js
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot
\{computername}\Users\All Users\Microsoft\User Account Pictures\{username}.dat
\{computername}\Users\{username}\Contacts\{username}.contact
\{computername}\Users\All Users\Microsoft\IlsCache\imcrcache.xml
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls
\{computername}\Users\{username}\Desktop\Email and Password List.vbs
\{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_.ico
\{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls
\{computername}\Users\{username}\ntuser.dat.LOG2
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_property.ico
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi
\{computername}\Users\All Users\Microsoft\MF\Active.GRL
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat
\{computername}\Users\All Users\Microsoft\OFFICE\MySite.ico
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\SketchPadTestSchema.xml
\{computername}\Users\All Users\Microsoft\MF\Pending.GRL
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\wmp.ico
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
\{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_schemas.xss
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Desktop\Email and Password List.htm
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg
\{computername}\Users\All Users\Microsoft\OFFICE\MySharePoints.ico
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
\{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
\{computername}\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico
\{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\netfol.ico

(註：%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.)

マルウェアは、以下のレジストリ値を追加します。

HKEY_CURRENT_USER\Software\NEMTY
fid = "NEMTY_PSHIMX9"

HKEY_CURRENT_USER\Software\NEMTY
pbkey = "{random characters}"

HKEY_CURRENT_USER\Software\NEMTY
cfg = "{random characters}"

作成活動

マルウェアは、以下のファイルを作成します。

\{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG2.NEMTY_PSHIMX9
%System Root%\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py
%System Root%\Python27\include\errcode.h
%System Root%\Python27\Lib\csv.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Doc\python2715.chm
\{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc
%System Root%\powerpoint2k\PPT2KExx.PPT
%System Root%\powerpoint2k\PPT2KE04.ppt
%System Root%\Python27\Lib\abc.pyc
%System Root%\Python27\Lib\csv.py
%System Root%\Python27\Lib\bsddb\test\test_get_none.py
%System Root%\Python27\Lib\ctypes\test\test_functions.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.py
\{computername}\Users\All Users\Microsoft\IlsCache\ilrcache.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_find.py
%System Root%\Python27\include\compile.h
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py
%System Root%\Python27\Lib\compiler\consts.py
%System Root%\Python27\Lib\bisect.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_parameters.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py
%System Root%\Python27\Lib\codecs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Doc\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longintrepr.h.NEMTY_PSHIMX9
%System Root%\Python27\include\modsupport.h
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\include\codecs.h
%System Root%\Python27\include\unicodeobject.h
%System Root%\Python27\include\sysmodule.h.NEMTY_PSHIMX9
%System Root%\PerfLogs\Admin\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\chunk.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\wmp.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\McAfee\WinCore\persist.mtk.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h.NEMTY_PSHIMX9
%System Root%\excel2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\unicodedata.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_init.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_repr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py
%System Root%\Python27\DLLs\select.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\folder.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py
%System Root%\Python27\Lib\bsddb\test\test_recno.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Pending.GRL.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cmd.py
%System Root%\Python27\DLLs\_sqlite3.pyd
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_schemas.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h
%System Root%\Python27\Lib\Cookie.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\complexobject.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\en-US\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py
%System Root%\Python27\include\abstract.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py
\{computername}\Users\All Users\Microsoft\OFFICE\MySite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\select.pyd
%System Root%\Python27\Lib\ctypes\test\test_macholib.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py
%System Root%\Python27\Lib\colorsys.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py
A:\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\usb_drive.img.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py
%System Root%\Python27\Lib\compiler\pyassem.py
%System Root%\Python27\include\compile.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd
%System Root%\Python27\include\pyconfig.h
%System Root%\Python27\Lib\ctypes\macholib\framework.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h
%System Root%\Python27\Lib\binhex.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd
%System Root%\Python27\Lib\compiler\symbols.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py.NEMTY_PSHIMX9
%System Root%\Python27\include\token.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.py
%System Root%\Python27\include\memoryobject.h
%System Root%\Python27\Lib\bsddb\test\test_queue.py
%System Root%\Python27\Lib\bsddb\test\test_basics.py
%System Root%\Python27\Lib\Cookie.pyc
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h
%System Root%\Python27\include\intrcheck.h
%System Root%\Python27\Lib\copy_reg.pyc
%System Root%\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bisect.py
%System Root%\Python27\Lib\ctypes\test\test_loading.py
F:\data\photos\stunning.jpg
%System Root%\Python27\include\bufferobject.h
%System Root%\Python27\include\floatobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\tasks.xml.NEMTY_PSHIMX9
%System Root%\Python27\include\funcobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h
%System Root%\Python27\DLLs\_tkinter.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\boolobject.h
%System Root%\Python27\Lib\bsddb\test\test_thread.py
%System Root%\Python27\DLLs\pyexpat.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyerrors.h
%System Root%\Python27\include\node.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h.NEMTY_PSHIMX9
%System Root%\Python27\include\marshal.h
%System Root%\Python27\include\object.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg.NEMTY_PSHIMX9
%System Root%\Python27\include\pydebug.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\bufferobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h
%System Root%\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Active.GRL.NEMTY_PSHIMX9
%System Root%\Python27\include\import.h
%System Root%\Python27\Lib\ctypes\macholib\dylib.py
%System Root%\Python27\include\pygetopt.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py
%System Root%\Python27\include\metagrammar.h
%System Root%\Python27\include\grammar.h
%System Root%\Python27\include\frameobject.h
%System Root%\Python27\Lib\ctypes\test\test_python_api.py
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytearrayobject.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico.NEMTY_PSHIMX9
F:\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\compiler\syntax.py
%System Root%\Python27\include\node.h
F:\data\dolist.txt
%System Root%\Python27\Lib\atexit.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h
%System Root%\Python27\Lib\bsddb\test\test_join.py
%System Root%\Python27\Lib\CGIHTTPServer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\netfol.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py
%System Root%\Python27\DLLs\py.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\AAljoOV.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_internals.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\parsetok.h
\{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h
%System Root%\Python27\include\iterobject.h
%System Root%\Python27\Lib\ctypes\test\runtests.py.NEMTY_PSHIMX9
F:\data\tmp.doc
%System Root%\Python27\Lib\contextlib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020099.msp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_queue.ico.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py
%System Root%\Python27\include\eval.h
%System Root%\Python27\Lib\ctypes\test\test_find.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.js.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_thread.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h
%System Root%\Python27\include\traceback.h
%System Root%\Python27\include\pymactoolbox.h
%System Root%\Python27\Lib\chunk.py
%System Root%\Documents and Settings\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pyassem.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_functions.py
%System Root%\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%/pagefile.sys.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py.NEMTY_PSHIMX9
%System Root%\Email and Password List.htm
%System Root%\Python27\DLLs\_msi.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pygetopt.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_recno.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pycodegen.py
%System Root%\Python27\Lib\ctypes\test\test_python_api.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pointers.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Everywhere.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py
F:\data\photos\long_exposure.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\cgi.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_bsddb.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h
%System Root%\Python27\Lib\ctypes\test\test_pointers.py
%System Root%\excel2k\XLS2KE01.xls
%System Root%\Python27\include\import.h.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h
%System Root%\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pickling.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Indexed Locations.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\aifc.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\{username}.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\tupleobject.h
%System Root%\Python27\Lib\ConfigParser.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py
%System Root%\Python27\Lib\bisect.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py
\{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\structseq.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h
%System Root%\Python27\Lib\argparse.pyc
%System Root%\Python27\Lib\compiler\symbols.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\include\pyport.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbrecio.py.NEMTY_PSHIMX9
F:\data\tmp.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h
%System Root%\Python27\include\metagrammar.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd
\{computername}\Users\{username}\Desktop\Email and Password List.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py.NEMTY_PSHIMX9
%System Root%\PerfLogs\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\py.ico
%System Root%\Python27\Lib\asynchat.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_pref.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\Bastion.py
%System Root%\powerpoint2k\PPT2KE05.ppt
%System Root%\Python27\include\intobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h
%System Root%\Python27\Lib\bsddb\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\codecs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compare.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py
%System Root%\Python27\Lib\abc.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py
%System Root%\Python27\Lib\Bastion.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\bytes_methods.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\misc.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py
%System Root%\Python27\Lib\BaseHTTPServer.pyc.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bisect.pyc
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py.NEMTY_PSHIMX9
%System Root%\Python27\include\ceval.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py
F:\data\photos\long_exposure.jpg
F:\data\dolist.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\dylib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h
%System Root%\excel2k\XLS2KE04.xls
%System Root%\Python27\Lib\compiler\syntax.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc
%System Root%\Python27\include\objimpl.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Contacts\{username}.contact.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.py
%System Root%\Python27\DLLs\_bsddb.pyd
F:\wlines.zip
%System Root%\Python27\Lib\copy.pyc
%System Root%\powerpoint2k\PPT2KE00.pot
%System Root%\Python27\include\pymath.h
%System Root%\Python27\Lib\csv.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Transmag.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h.NEMTY_PSHIMX9
F:\wlines.zip.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h
%System Root%\Python27\include\boolobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\bz2.pyd
%System Root%\Python27\Lib\copy.py
%System Root%\Python27\Lib\ConfigParser.pyc
%System Root%\powerpoint2k\PPT2KE03.ppt
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py
%System Root%\Python27\Lib\asynchat.py
%System Root%\Python27\Lib\codecs.py
%System Root%\Python27\include\tupleobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\objimpl.h
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\collections.py.NEMTY_PSHIMX9
%System Root%\Python27\include\datetime.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py
%System Root%\Python27\Lib\bsddb\test\__init__.py
%System Root%\Python27\include\pydebug.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py
%System Root%\Python27\Lib\ctypes\macholib\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h
%System Root%\Python27\Lib\audiodev.py
%System Root%\Python27\Lib\cookielib.py
%System Root%\Python27\include\pyerrors.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h
%System Root%\Python27\include\datetime.h
%System Root%\Python27\Lib\bsddb\dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py
%System Root%\Python27\Lib\Cookie.py
%System Root%\Python27\Lib\cProfile.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\iterobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py
%System Root%\Python27\include\pyport.h
%System Root%\Python27\Lib\ctypes\macholib\dyld.py.NEMTY_PSHIMX9
%System Root%\Python27\include\object.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py
%System Root%\Python27\DLLs\_msi.pyd
%System Root%\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\unicodedata.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\__init__.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h
%System Root%\Python27\Lib\ctypes\test\test_loading.py.NEMTY_PSHIMX9
%System Root%\Program Files\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h
%System Root%\Python27\Lib\csv.pyc
%System Root%\Python27\Lib\aifc.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG1.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgitb.py
%System Root%\Python27\Lib\CGIHTTPServer.py
%System Root%\Python27\Lib\compileall.py
%System Root%\Python27\Lib\ctypes\test\runtests.py
%System Root%\Python27\DLLs\bz2.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\framework.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pymath.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py
%System Root%\Python27\Lib\cgi.py
%System Root%\excel2k\XLS2KE02.xls
%System Root%\Python27\Lib\ctypes\test\test_macholib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.pyc
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py
%System Root%\Python27\Lib\bsddb\test\test_misc.py
%System Root%\Python27\Lib\contextlib.pyc
%System Root%\Python27\Lib\ctypes\test\test_init.py
\{computername}\Users\{username}\Documents\agent.pyw.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_queue.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py
%System Root%\Python27\include\unicodeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymactoolbox.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\IlsCache\imcrcache.xml.NEMTY_PSHIMX9
%System Root%\Email and Password List.js
%System Root%\Python27\include\symtable.h
%System Root%\Python27\Lib\bsddb\test\test_compare.py
%System Root%\Python27\Lib\code.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbobj.py
%System Root%\Python27\include\listobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\floatobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h
%System Root%\Python27\Lib\ast.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py
%System Root%\Python27\Lib\ctypes\test\test_sizes.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h
%System Root%\Python27\Lib\ctypes\test\test_sizes.py
%System Root%\Python27\Lib\bsddb\dbutils.py
%System Root%\Python27\include\ceval.h
\{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_fileid.py
%System Root%\Python27\include\token.h
%System Root%\Python27\Lib\code.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py
%System Root%\Python27\Lib\bsddb\test\test_lock.py.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h
%System Root%\Python27\Lib\audiodev.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sliceobject.h
%System Root%\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE02.ppt
%System Root%\Python27\include\frameobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\symtable.h.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h
%System Root%\Python27\Lib\bsddb\dbutils.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compat.py
%System Root%\Python27\include\setobject.h
%System Root%\Python27\Lib\codecs.pyc
%System Root%\Python27\Lib\ast.py
%System Root%\Python27\include\sliceobject.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico
%System Root%\Python27\include\pystate.h
%System Root%\Python27\include\abstract.h
%System Root%\Python27\Lib\copy_reg.py
%System Root%\Python27\include\cellobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\ringtones.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\traceback.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_lock.py
%System Root%\Python27\include\pystate.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pyarena.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py
F:\data\photos\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_misc.py.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h
%System Root%\Python27\Lib\base64.pyc
%System Root%\Python27\include\funcobject.h
%System Root%\Python27\Lib\cmd.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py
%System Root%\Python27\Lib\compiler\pycodegen.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py
%System Root%\Python27\Lib\ctypes\macholib\dyld.py
F:\data\photos\stunning.jpg.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\note.txt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pickling.py
%System Root%\Python27\Lib\ctypes\test\test_repr.py
%System Root%\Python27\Lib\cProfile.py
\{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py
%System Root%\Python27\Lib\compiler\misc.py
%System Root%\Python27\include\cStringIO.h
%System Root%\Python27\include\marshal.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py
%System Root%\Python27\Lib\cgitb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_get_none.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytes_methods.h
F:\data\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd
%System Root%\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.py.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h.NEMTY_PSHIMX9
%System Root%\Python27\include\fileobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.NEMTY_PSHIMX9
%System Root%\Python27\include\longobject.h
%System Root%\Python27\include\methodobject.h
%System Root%\Python27\Lib\compileall.pyc
%System Root%\Python27\include\pyarena.h
%System Root%\Python27\Lib\bsddb\test\test_join.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\sync.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\cStringIO.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py
%System Root%\Python27\DLLs\_ctypes.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\pictures.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc
%System Root%\excel2k\XLS2KE03.xls
%System Root%\Python27\include\parsetok.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h
%System Root%\Python27\Lib\bsddb\test\test_compat.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd
%System Root%\Python27\Lib\bsddb\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_all.py
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py
%System Root%\Python27\include\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi.NEMTY_PSHIMX9
%System Root%\Python27\include\descrobject.h
%System Root%\Python27\include\longintrepr.h
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py
%System Root%\Python27\Lib\bsddb\test\test_all.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_basics.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py
%System Root%\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py.NEMTY_PSHIMX9
%System Root%\Python27\include\cellobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h
%System Root%\Python27\include\moduleobject.h
%System Root%\Python27\Lib\atexit.py
%System Root%\Python27\Lib\bsddb\dbrecio.py
\{computername}\Users\{username}\Desktop\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\osdefs.h
%System Root%\Python27\Lib\ctypes\test\test_parameters.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py
%System Root%\Python27\include\intrcheck.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_resources.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\eval.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\__init__.py
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h.NEMTY_PSHIMX9
%System Root%\Python27\include\setobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE01.ppt
%System Root%\Python27\include\listobject.h
%System Root%\Python27\include\modsupport.h.NEMTY_PSHIMX9
%System Root%\Python27\include\intobject.h
%System Root%\Python27\Lib\bsddb\test\test_fileid.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.vbs
%System Root%\Python27\include\descrobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sysmodule.h
%System Root%\Python27\Lib\Cookie.py.NEMTY_PSHIMX9
%System Root%\Python27\include\memoryobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes.pyd.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py
%System Root%\Python27\include\bytearrayobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h
%System Root%\Python27\DLLs\pyexpat.pyd
%System Root%\Python27\include\grammar.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py
%System Root%\Python27\include\fileobject.h
%System Root%\Python27\Lib\compiler\consts.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py.NEMTY_PSHIMX9
%System Root%\Python27\include\errcode.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codecs.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\moduleobject.h.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py
%System Root%\Python27\include\osdefs.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h
%Program Files%\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\OFFICE\MySharePoints.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\_sqlite3.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\SketchPadTestSchema.xml.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\complexobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.pyc
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\binhex.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc
%System Root%\Python27\DLLs\_tkinter.pyd
%System Root%\Python27\Lib\ctypes\test\test_internals.py
%System Root%\Python27\Doc\python2715.chm.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\methodobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\colorsys.py
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py
%System Root%\Python27\include\structseq.h

(註：%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %Program Files%フォルダは、デフォルトのプログラムファイルフォルダです。C:\Program Files in Windows 2000(32-bit)、Server 2003(32-bit)、XP、Vista(64-bit)、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Program Files"です。また、Windows XP(64-bit)、Vista(64-bit)、7(64-bit)、8(64-bit)、8.1(64-bit)、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Program Files（x86）" です。)

その他

マルウェアは、以下の不正なWebサイトにアクセスします。

http://www.{BLOCKED}rnalip.com
http://{BLOCKED}0.hk

このウイルス情報は、自動解析システムにより作成されました。

対応方法

対応検索エンジン: 9.850

手順 1

Windows XP、Windows Vista 、Windows 7、および Windows 10 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

Windowsをセーフモードで再起動します。

[ 詳細 ]

セーフモードでの起動：

• Windows 2000 の場合：

コンピュータを起動させます。
「Windows **** を起動しています・・・」のメッセージが表示されている間に［F8］を押します。
「Windows 拡張オプションメニュー」が表示されるので、［↓］［↑］キーを使って［セーフモード］を選択し、［Enter］を押します。

• Windows XP の場合：

コンピュータを起動させます。
「Windows **** を起動しています・・・」のメッセージが表示されている間に［F8］を押します。
「Windows 拡張オプションメニュー」が表示されるので、［↓］［↑］キーを使って［セーフモード］を選択し、［Enter］を押します。

• Windows Server 2003 の場合：

コンピュータを起動させます。
「Windows **** を起動しています・・・」のメッセージが表示されている間に［F8］を押します。
「Windows 拡張オプションメニュー」が表示されるので、［↓］［↑］キーを使って［セーフモード］を選択し、［Enter］を押します。

• Windows Vista、Windows 7 および Windows Server 2008 の場合：

コンピュータを起動させます。
「Windows **** を起動しています・・・」のメッセージが表示されている間に［F8］を押します。
「詳細ブートオプション」が表示されるので、［↓］［↑］キーを使って［セーフモード］を選択し、［Enter］を押します。

• Windows 8、8.1 および Server 2012の場合：

画面の右上隅へマウスポインタを移動し、[チャーム]バーを表示します。
マウスで、[設定]－[PC設定の変更]を選択します。
左側のパネルで、[全般]を選択します。
右側のパネルで、[PCの起動をカスタマイズする]が表示されるまで下にスクロールし、[今すぐ再起動]をクリック。コンピュータが再起動するまで待ちます。
[オプションの選択]メニューで、[トラブルシューティング]－[詳細オプション]－[スタートアップ設定]－[再起動]をクリックします。
[スタートアップ設定]メニューで、[4]キーを押し、「4）セーフモードを有効にする」を選択します。

手順 3

「Trojan.AutoIt.SONBOKLI.USXVPAE20」で検出したファイル名を確認し、そのファイルを終了します。

[ 詳細 ]

すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
セーフモードについては、こちらをご参照下さい。
検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。

手順 4

このレジストリ値を削除します。

[ 詳細 ]

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- daite drobovik = "{malware file path and name}"

In HKEY_CURRENT_USER\Software\NEMTY
- fid = "NEMTY_PSHIMX9"

In HKEY_CURRENT_USER\Software\NEMTY
- pbkey = "{random characters}"

In HKEY_CURRENT_USER\Software\NEMTY
- cfg = "{random characters}"

手順 5

以下のファイルを検索し削除します。

[ 詳細 ]

コンポーネントファイルが隠しファイル属性の場合があります。[詳細設定オプション]をクリックし、[隠しファイルとフォルダの検索]のチェックボックスをオンにし、検索結果に隠しファイルとフォルダが含まれるようにしてください。

\{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG2.NEMTY_PSHIMX9
%System Root%\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py
%System Root%\Python27\include\errcode.h
%System Root%\Python27\Lib\csv.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Doc\python2715.chm
\{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc
%System Root%\powerpoint2k\PPT2KExx.PPT
%System Root%\powerpoint2k\PPT2KE04.ppt
%System Root%\Python27\Lib\abc.pyc
%System Root%\Python27\Lib\csv.py
%System Root%\Python27\Lib\bsddb\test\test_get_none.py
%System Root%\Python27\Lib\ctypes\test\test_functions.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.py
\{computername}\Users\All Users\Microsoft\IlsCache\ilrcache.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_find.py
%System Root%\Python27\include\compile.h
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py
%System Root%\Python27\Lib\compiler\consts.py
%System Root%\Python27\Lib\bisect.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_parameters.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py
%System Root%\Python27\Lib\codecs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Doc\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longintrepr.h.NEMTY_PSHIMX9
%System Root%\Python27\include\modsupport.h
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\include\codecs.h
%System Root%\Python27\include\unicodeobject.h
%System Root%\Python27\include\sysmodule.h.NEMTY_PSHIMX9
%System Root%\PerfLogs\Admin\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\chunk.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\wmp.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\McAfee\WinCore\persist.mtk.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h.NEMTY_PSHIMX9
%System Root%\excel2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\unicodedata.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_init.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_repr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py
%System Root%\Python27\DLLs\select.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\folder.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py
%System Root%\Python27\Lib\bsddb\test\test_recno.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Pending.GRL.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cmd.py
%System Root%\Python27\DLLs\_sqlite3.pyd
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_schemas.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h
%System Root%\Python27\Lib\Cookie.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\complexobject.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\en-US\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py
%System Root%\Python27\include\abstract.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py
\{computername}\Users\All Users\Microsoft\OFFICE\MySite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\select.pyd
%System Root%\Python27\Lib\ctypes\test\test_macholib.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py
%System Root%\Python27\Lib\colorsys.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py
A:\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\usb_drive.img.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py
%System Root%\Python27\Lib\compiler\pyassem.py
%System Root%\Python27\include\compile.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd
%System Root%\Python27\include\pyconfig.h
%System Root%\Python27\Lib\ctypes\macholib\framework.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h
%System Root%\Python27\Lib\binhex.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd
%System Root%\Python27\Lib\compiler\symbols.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py.NEMTY_PSHIMX9
%System Root%\Python27\include\token.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.py
%System Root%\Python27\include\memoryobject.h
%System Root%\Python27\Lib\bsddb\test\test_queue.py
%System Root%\Python27\Lib\bsddb\test\test_basics.py
%System Root%\Python27\Lib\Cookie.pyc
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h
%System Root%\Python27\include\intrcheck.h
%System Root%\Python27\Lib\copy_reg.pyc
%System Root%\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bisect.py
%System Root%\Python27\Lib\ctypes\test\test_loading.py
F:\data\photos\stunning.jpg
%System Root%\Python27\include\bufferobject.h
%System Root%\Python27\include\floatobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\tasks.xml.NEMTY_PSHIMX9
%System Root%\Python27\include\funcobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h
%System Root%\Python27\DLLs\_tkinter.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\boolobject.h
%System Root%\Python27\Lib\bsddb\test\test_thread.py
%System Root%\Python27\DLLs\pyexpat.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyerrors.h
%System Root%\Python27\include\node.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h.NEMTY_PSHIMX9
%System Root%\Python27\include\marshal.h
%System Root%\Python27\include\object.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg.NEMTY_PSHIMX9
%System Root%\Python27\include\pydebug.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\bufferobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h
%System Root%\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Active.GRL.NEMTY_PSHIMX9
%System Root%\Python27\include\import.h
%System Root%\Python27\Lib\ctypes\macholib\dylib.py
%System Root%\Python27\include\pygetopt.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py
%System Root%\Python27\include\metagrammar.h
%System Root%\Python27\include\grammar.h
%System Root%\Python27\include\frameobject.h
%System Root%\Python27\Lib\ctypes\test\test_python_api.py
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytearrayobject.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico.NEMTY_PSHIMX9
F:\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\compiler\syntax.py
%System Root%\Python27\include\node.h
F:\data\dolist.txt
%System Root%\Python27\Lib\atexit.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h
%System Root%\Python27\Lib\bsddb\test\test_join.py
%System Root%\Python27\Lib\CGIHTTPServer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\netfol.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py
%System Root%\Python27\DLLs\py.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\AAljoOV.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_internals.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\parsetok.h
\{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h
%System Root%\Python27\include\iterobject.h
%System Root%\Python27\Lib\ctypes\test\runtests.py.NEMTY_PSHIMX9
F:\data\tmp.doc
%System Root%\Python27\Lib\contextlib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020099.msp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_queue.ico.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py
%System Root%\Python27\include\eval.h
%System Root%\Python27\Lib\ctypes\test\test_find.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.js.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_thread.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h
%System Root%\Python27\include\traceback.h
%System Root%\Python27\include\pymactoolbox.h
%System Root%\Python27\Lib\chunk.py
%System Root%\Documents and Settings\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pyassem.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_functions.py
%System Root%\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%/pagefile.sys.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py.NEMTY_PSHIMX9
%System Root%\Email and Password List.htm
%System Root%\Python27\DLLs\_msi.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pygetopt.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_recno.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pycodegen.py
%System Root%\Python27\Lib\ctypes\test\test_python_api.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pointers.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Everywhere.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py
F:\data\photos\long_exposure.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\cgi.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_bsddb.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h
%System Root%\Python27\Lib\ctypes\test\test_pointers.py
%System Root%\excel2k\XLS2KE01.xls
%System Root%\Python27\include\import.h.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h
%System Root%\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pickling.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Indexed Locations.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\aifc.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\{username}.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\tupleobject.h
%System Root%\Python27\Lib\ConfigParser.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py
%System Root%\Python27\Lib\bisect.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py
\{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\structseq.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h
%System Root%\Python27\Lib\argparse.pyc
%System Root%\Python27\Lib\compiler\symbols.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\include\pyport.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbrecio.py.NEMTY_PSHIMX9
F:\data\tmp.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h
%System Root%\Python27\include\metagrammar.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd
\{computername}\Users\{username}\Desktop\Email and Password List.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py.NEMTY_PSHIMX9
%System Root%\PerfLogs\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\py.ico
%System Root%\Python27\Lib\asynchat.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_pref.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\Bastion.py
%System Root%\powerpoint2k\PPT2KE05.ppt
%System Root%\Python27\include\intobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h
%System Root%\Python27\Lib\bsddb\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\codecs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compare.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py
%System Root%\Python27\Lib\abc.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py
%System Root%\Python27\Lib\Bastion.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\bytes_methods.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\misc.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py
%System Root%\Python27\Lib\BaseHTTPServer.pyc.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bisect.pyc
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py.NEMTY_PSHIMX9
%System Root%\Python27\include\ceval.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py
F:\data\photos\long_exposure.jpg
F:\data\dolist.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\dylib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h
%System Root%\excel2k\XLS2KE04.xls
%System Root%\Python27\Lib\compiler\syntax.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc
%System Root%\Python27\include\objimpl.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Contacts\{username}.contact.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.py
%System Root%\Python27\DLLs\_bsddb.pyd
F:\wlines.zip
%System Root%\Python27\Lib\copy.pyc
%System Root%\powerpoint2k\PPT2KE00.pot
%System Root%\Python27\include\pymath.h
%System Root%\Python27\Lib\csv.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Transmag.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h.NEMTY_PSHIMX9
F:\wlines.zip.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h
%System Root%\Python27\include\boolobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\bz2.pyd
%System Root%\Python27\Lib\copy.py
%System Root%\Python27\Lib\ConfigParser.pyc
%System Root%\powerpoint2k\PPT2KE03.ppt
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py
%System Root%\Python27\Lib\asynchat.py
%System Root%\Python27\Lib\codecs.py
%System Root%\Python27\include\tupleobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\objimpl.h
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\collections.py.NEMTY_PSHIMX9
%System Root%\Python27\include\datetime.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py
%System Root%\Python27\Lib\bsddb\test\__init__.py
%System Root%\Python27\include\pydebug.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py
%System Root%\Python27\Lib\ctypes\macholib\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h
%System Root%\Python27\Lib\audiodev.py
%System Root%\Python27\Lib\cookielib.py
%System Root%\Python27\include\pyerrors.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h
%System Root%\Python27\include\datetime.h
%System Root%\Python27\Lib\bsddb\dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py
%System Root%\Python27\Lib\Cookie.py
%System Root%\Python27\Lib\cProfile.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\iterobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py
%System Root%\Python27\include\pyport.h
%System Root%\Python27\Lib\ctypes\macholib\dyld.py.NEMTY_PSHIMX9
%System Root%\Python27\include\object.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py
%System Root%\Python27\DLLs\_msi.pyd
%System Root%\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\unicodedata.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\__init__.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h
%System Root%\Python27\Lib\ctypes\test\test_loading.py.NEMTY_PSHIMX9
%System Root%\Program Files\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h
%System Root%\Python27\Lib\csv.pyc
%System Root%\Python27\Lib\aifc.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG1.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgitb.py
%System Root%\Python27\Lib\CGIHTTPServer.py
%System Root%\Python27\Lib\compileall.py
%System Root%\Python27\Lib\ctypes\test\runtests.py
%System Root%\Python27\DLLs\bz2.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\framework.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pymath.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py
%System Root%\Python27\Lib\cgi.py
%System Root%\excel2k\XLS2KE02.xls
%System Root%\Python27\Lib\ctypes\test\test_macholib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.pyc
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py
%System Root%\Python27\Lib\bsddb\test\test_misc.py
%System Root%\Python27\Lib\contextlib.pyc
%System Root%\Python27\Lib\ctypes\test\test_init.py
\{computername}\Users\{username}\Documents\agent.pyw.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_queue.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py
%System Root%\Python27\include\unicodeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymactoolbox.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\IlsCache\imcrcache.xml.NEMTY_PSHIMX9
%System Root%\Email and Password List.js
%System Root%\Python27\include\symtable.h
%System Root%\Python27\Lib\bsddb\test\test_compare.py
%System Root%\Python27\Lib\code.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbobj.py
%System Root%\Python27\include\listobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\floatobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h
%System Root%\Python27\Lib\ast.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py
%System Root%\Python27\Lib\ctypes\test\test_sizes.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h
%System Root%\Python27\Lib\ctypes\test\test_sizes.py
%System Root%\Python27\Lib\bsddb\dbutils.py
%System Root%\Python27\include\ceval.h
\{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_fileid.py
%System Root%\Python27\include\token.h
%System Root%\Python27\Lib\code.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py
%System Root%\Python27\Lib\bsddb\test\test_lock.py.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h
%System Root%\Python27\Lib\audiodev.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sliceobject.h
%System Root%\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE02.ppt
%System Root%\Python27\include\frameobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\symtable.h.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h
%System Root%\Python27\Lib\bsddb\dbutils.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compat.py
%System Root%\Python27\include\setobject.h
%System Root%\Python27\Lib\codecs.pyc
%System Root%\Python27\Lib\ast.py
%System Root%\Python27\include\sliceobject.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico
%System Root%\Python27\include\pystate.h
%System Root%\Python27\include\abstract.h
%System Root%\Python27\Lib\copy_reg.py
%System Root%\Python27\include\cellobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\ringtones.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\traceback.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_lock.py
%System Root%\Python27\include\pystate.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pyarena.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py
F:\data\photos\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_misc.py.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h
%System Root%\Python27\Lib\base64.pyc
%System Root%\Python27\include\funcobject.h
%System Root%\Python27\Lib\cmd.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py
%System Root%\Python27\Lib\compiler\pycodegen.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py
%System Root%\Python27\Lib\ctypes\macholib\dyld.py
F:\data\photos\stunning.jpg.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\note.txt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pickling.py
%System Root%\Python27\Lib\ctypes\test\test_repr.py
%System Root%\Python27\Lib\cProfile.py
\{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py
%System Root%\Python27\Lib\compiler\misc.py
%System Root%\Python27\include\cStringIO.h
%System Root%\Python27\include\marshal.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py
%System Root%\Python27\Lib\cgitb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_get_none.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytes_methods.h
F:\data\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd
%System Root%\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.py.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h.NEMTY_PSHIMX9
%System Root%\Python27\include\fileobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.NEMTY_PSHIMX9
%System Root%\Python27\include\longobject.h
%System Root%\Python27\include\methodobject.h
%System Root%\Python27\Lib\compileall.pyc
%System Root%\Python27\include\pyarena.h
%System Root%\Python27\Lib\bsddb\test\test_join.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\sync.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\cStringIO.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py
%System Root%\Python27\DLLs\_ctypes.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\pictures.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc
%System Root%\excel2k\XLS2KE03.xls
%System Root%\Python27\include\parsetok.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h
%System Root%\Python27\Lib\bsddb\test\test_compat.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd
%System Root%\Python27\Lib\bsddb\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_all.py
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py
%System Root%\Python27\include\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi.NEMTY_PSHIMX9
%System Root%\Python27\include\descrobject.h
%System Root%\Python27\include\longintrepr.h
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py
%System Root%\Python27\Lib\bsddb\test\test_all.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_basics.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py
%System Root%\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py.NEMTY_PSHIMX9
%System Root%\Python27\include\cellobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h
%System Root%\Python27\include\moduleobject.h
%System Root%\Python27\Lib\atexit.py
%System Root%\Python27\Lib\bsddb\dbrecio.py
\{computername}\Users\{username}\Desktop\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\osdefs.h
%System Root%\Python27\Lib\ctypes\test\test_parameters.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py
%System Root%\Python27\include\intrcheck.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_resources.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\eval.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\__init__.py
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h.NEMTY_PSHIMX9
%System Root%\Python27\include\setobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE01.ppt
%System Root%\Python27\include\listobject.h
%System Root%\Python27\include\modsupport.h.NEMTY_PSHIMX9
%System Root%\Python27\include\intobject.h
%System Root%\Python27\Lib\bsddb\test\test_fileid.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.vbs
%System Root%\Python27\include\descrobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sysmodule.h
%System Root%\Python27\Lib\Cookie.py.NEMTY_PSHIMX9
%System Root%\Python27\include\memoryobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes.pyd.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py
%System Root%\Python27\include\bytearrayobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h
%System Root%\Python27\DLLs\pyexpat.pyd
%System Root%\Python27\include\grammar.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py
%System Root%\Python27\include\fileobject.h
%System Root%\Python27\Lib\compiler\consts.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py.NEMTY_PSHIMX9
%System Root%\Python27\include\errcode.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codecs.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\moduleobject.h.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py
%System Root%\Python27\include\osdefs.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h
%Program Files%\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\OFFICE\MySharePoints.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\_sqlite3.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\SketchPadTestSchema.xml.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\complexobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.pyc
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\binhex.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc
%System Root%\Python27\DLLs\_tkinter.pyd
%System Root%\Python27\Lib\ctypes\test\test_internals.py
%System Root%\Python27\Doc\python2715.chm.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\methodobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\colorsys.py
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py
%System Root%\Python27\include\structseq.h

マルウェアのコンポーネントファイルの削除：

Windows 2000、XP および Server 2003 の場合：

[スタート]-[検索]-[ファイルとフォルダすべて]を選択します。
[ファイル名のすべてまたは一部]に以下のファイル名を入力してください。
\{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG2.NEMTY_PSHIMX9
%System Root%\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py
%System Root%\Python27\include\errcode.h
%System Root%\Python27\Lib\csv.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Doc\python2715.chm
\{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc
%System Root%\powerpoint2k\PPT2KExx.PPT
%System Root%\powerpoint2k\PPT2KE04.ppt
%System Root%\Python27\Lib\abc.pyc
%System Root%\Python27\Lib\csv.py
%System Root%\Python27\Lib\bsddb\test\test_get_none.py
%System Root%\Python27\Lib\ctypes\test\test_functions.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.py
\{computername}\Users\All Users\Microsoft\IlsCache\ilrcache.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_find.py
%System Root%\Python27\include\compile.h
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py
%System Root%\Python27\Lib\compiler\consts.py
%System Root%\Python27\Lib\bisect.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_parameters.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py
%System Root%\Python27\Lib\codecs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Doc\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longintrepr.h.NEMTY_PSHIMX9
%System Root%\Python27\include\modsupport.h
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\include\codecs.h
%System Root%\Python27\include\unicodeobject.h
%System Root%\Python27\include\sysmodule.h.NEMTY_PSHIMX9
%System Root%\PerfLogs\Admin\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\chunk.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\wmp.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\McAfee\WinCore\persist.mtk.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h.NEMTY_PSHIMX9
%System Root%\excel2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\unicodedata.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_init.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_repr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py
%System Root%\Python27\DLLs\select.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\folder.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py
%System Root%\Python27\Lib\bsddb\test\test_recno.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Pending.GRL.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cmd.py
%System Root%\Python27\DLLs\_sqlite3.pyd
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_schemas.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h
%System Root%\Python27\Lib\Cookie.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\complexobject.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\en-US\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py
%System Root%\Python27\include\abstract.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py
\{computername}\Users\All Users\Microsoft\OFFICE\MySite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\select.pyd
%System Root%\Python27\Lib\ctypes\test\test_macholib.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py
%System Root%\Python27\Lib\colorsys.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py
A:\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\usb_drive.img.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py
%System Root%\Python27\Lib\compiler\pyassem.py
%System Root%\Python27\include\compile.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd
%System Root%\Python27\include\pyconfig.h
%System Root%\Python27\Lib\ctypes\macholib\framework.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h
%System Root%\Python27\Lib\binhex.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd
%System Root%\Python27\Lib\compiler\symbols.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py.NEMTY_PSHIMX9
%System Root%\Python27\include\token.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.py
%System Root%\Python27\include\memoryobject.h
%System Root%\Python27\Lib\bsddb\test\test_queue.py
%System Root%\Python27\Lib\bsddb\test\test_basics.py
%System Root%\Python27\Lib\Cookie.pyc
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h
%System Root%\Python27\include\intrcheck.h
%System Root%\Python27\Lib\copy_reg.pyc
%System Root%\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bisect.py
%System Root%\Python27\Lib\ctypes\test\test_loading.py
F:\data\photos\stunning.jpg
%System Root%\Python27\include\bufferobject.h
%System Root%\Python27\include\floatobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\tasks.xml.NEMTY_PSHIMX9
%System Root%\Python27\include\funcobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h
%System Root%\Python27\DLLs\_tkinter.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\boolobject.h
%System Root%\Python27\Lib\bsddb\test\test_thread.py
%System Root%\Python27\DLLs\pyexpat.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyerrors.h
%System Root%\Python27\include\node.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h.NEMTY_PSHIMX9
%System Root%\Python27\include\marshal.h
%System Root%\Python27\include\object.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg.NEMTY_PSHIMX9
%System Root%\Python27\include\pydebug.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\bufferobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h
%System Root%\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Active.GRL.NEMTY_PSHIMX9
%System Root%\Python27\include\import.h
%System Root%\Python27\Lib\ctypes\macholib\dylib.py
%System Root%\Python27\include\pygetopt.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py
%System Root%\Python27\include\metagrammar.h
%System Root%\Python27\include\grammar.h
%System Root%\Python27\include\frameobject.h
%System Root%\Python27\Lib\ctypes\test\test_python_api.py
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytearrayobject.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico.NEMTY_PSHIMX9
F:\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\compiler\syntax.py
%System Root%\Python27\include\node.h
F:\data\dolist.txt
%System Root%\Python27\Lib\atexit.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h
%System Root%\Python27\Lib\bsddb\test\test_join.py
%System Root%\Python27\Lib\CGIHTTPServer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\netfol.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py
%System Root%\Python27\DLLs\py.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\AAljoOV.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_internals.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\parsetok.h
\{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h
%System Root%\Python27\include\iterobject.h
%System Root%\Python27\Lib\ctypes\test\runtests.py.NEMTY_PSHIMX9
F:\data\tmp.doc
%System Root%\Python27\Lib\contextlib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020099.msp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_queue.ico.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py
%System Root%\Python27\include\eval.h
%System Root%\Python27\Lib\ctypes\test\test_find.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.js.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_thread.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h
%System Root%\Python27\include\traceback.h
%System Root%\Python27\include\pymactoolbox.h
%System Root%\Python27\Lib\chunk.py
%System Root%\Documents and Settings\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pyassem.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_functions.py
%System Root%\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%/pagefile.sys.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py.NEMTY_PSHIMX9
%System Root%\Email and Password List.htm
%System Root%\Python27\DLLs\_msi.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pygetopt.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_recno.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pycodegen.py
%System Root%\Python27\Lib\ctypes\test\test_python_api.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pointers.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Everywhere.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py
F:\data\photos\long_exposure.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\cgi.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_bsddb.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h
%System Root%\Python27\Lib\ctypes\test\test_pointers.py
%System Root%\excel2k\XLS2KE01.xls
%System Root%\Python27\include\import.h.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h
%System Root%\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pickling.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Indexed Locations.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\aifc.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\{username}.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\tupleobject.h
%System Root%\Python27\Lib\ConfigParser.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py
%System Root%\Python27\Lib\bisect.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py
\{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\structseq.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h
%System Root%\Python27\Lib\argparse.pyc
%System Root%\Python27\Lib\compiler\symbols.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\include\pyport.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbrecio.py.NEMTY_PSHIMX9
F:\data\tmp.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h
%System Root%\Python27\include\metagrammar.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd
\{computername}\Users\{username}\Desktop\Email and Password List.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py.NEMTY_PSHIMX9
%System Root%\PerfLogs\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\py.ico
%System Root%\Python27\Lib\asynchat.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_pref.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\Bastion.py
%System Root%\powerpoint2k\PPT2KE05.ppt
%System Root%\Python27\include\intobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h
%System Root%\Python27\Lib\bsddb\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\codecs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compare.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py
%System Root%\Python27\Lib\abc.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py
%System Root%\Python27\Lib\Bastion.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\bytes_methods.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\misc.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py
%System Root%\Python27\Lib\BaseHTTPServer.pyc.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bisect.pyc
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py.NEMTY_PSHIMX9
%System Root%\Python27\include\ceval.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py
F:\data\photos\long_exposure.jpg
F:\data\dolist.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\dylib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h
%System Root%\excel2k\XLS2KE04.xls
%System Root%\Python27\Lib\compiler\syntax.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc
%System Root%\Python27\include\objimpl.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Contacts\{username}.contact.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.py
%System Root%\Python27\DLLs\_bsddb.pyd
F:\wlines.zip
%System Root%\Python27\Lib\copy.pyc
%System Root%\powerpoint2k\PPT2KE00.pot
%System Root%\Python27\include\pymath.h
%System Root%\Python27\Lib\csv.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Transmag.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h.NEMTY_PSHIMX9
F:\wlines.zip.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h
%System Root%\Python27\include\boolobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\bz2.pyd
%System Root%\Python27\Lib\copy.py
%System Root%\Python27\Lib\ConfigParser.pyc
%System Root%\powerpoint2k\PPT2KE03.ppt
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py
%System Root%\Python27\Lib\asynchat.py
%System Root%\Python27\Lib\codecs.py
%System Root%\Python27\include\tupleobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\objimpl.h
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\collections.py.NEMTY_PSHIMX9
%System Root%\Python27\include\datetime.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py
%System Root%\Python27\Lib\bsddb\test\__init__.py
%System Root%\Python27\include\pydebug.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py
%System Root%\Python27\Lib\ctypes\macholib\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h
%System Root%\Python27\Lib\audiodev.py
%System Root%\Python27\Lib\cookielib.py
%System Root%\Python27\include\pyerrors.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h
%System Root%\Python27\include\datetime.h
%System Root%\Python27\Lib\bsddb\dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py
%System Root%\Python27\Lib\Cookie.py
%System Root%\Python27\Lib\cProfile.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\iterobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py
%System Root%\Python27\include\pyport.h
%System Root%\Python27\Lib\ctypes\macholib\dyld.py.NEMTY_PSHIMX9
%System Root%\Python27\include\object.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py
%System Root%\Python27\DLLs\_msi.pyd
%System Root%\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\unicodedata.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\__init__.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h
%System Root%\Python27\Lib\ctypes\test\test_loading.py.NEMTY_PSHIMX9
%System Root%\Program Files\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h
%System Root%\Python27\Lib\csv.pyc
%System Root%\Python27\Lib\aifc.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG1.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgitb.py
%System Root%\Python27\Lib\CGIHTTPServer.py
%System Root%\Python27\Lib\compileall.py
%System Root%\Python27\Lib\ctypes\test\runtests.py
%System Root%\Python27\DLLs\bz2.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\framework.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pymath.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py
%System Root%\Python27\Lib\cgi.py
%System Root%\excel2k\XLS2KE02.xls
%System Root%\Python27\Lib\ctypes\test\test_macholib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.pyc
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py
%System Root%\Python27\Lib\bsddb\test\test_misc.py
%System Root%\Python27\Lib\contextlib.pyc
%System Root%\Python27\Lib\ctypes\test\test_init.py
\{computername}\Users\{username}\Documents\agent.pyw.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_queue.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py
%System Root%\Python27\include\unicodeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymactoolbox.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\IlsCache\imcrcache.xml.NEMTY_PSHIMX9
%System Root%\Email and Password List.js
%System Root%\Python27\include\symtable.h
%System Root%\Python27\Lib\bsddb\test\test_compare.py
%System Root%\Python27\Lib\code.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbobj.py
%System Root%\Python27\include\listobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\floatobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h
%System Root%\Python27\Lib\ast.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py
%System Root%\Python27\Lib\ctypes\test\test_sizes.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h
%System Root%\Python27\Lib\ctypes\test\test_sizes.py
%System Root%\Python27\Lib\bsddb\dbutils.py
%System Root%\Python27\include\ceval.h
\{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_fileid.py
%System Root%\Python27\include\token.h
%System Root%\Python27\Lib\code.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py
%System Root%\Python27\Lib\bsddb\test\test_lock.py.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h
%System Root%\Python27\Lib\audiodev.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sliceobject.h
%System Root%\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE02.ppt
%System Root%\Python27\include\frameobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\symtable.h.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h
%System Root%\Python27\Lib\bsddb\dbutils.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compat.py
%System Root%\Python27\include\setobject.h
%System Root%\Python27\Lib\codecs.pyc
%System Root%\Python27\Lib\ast.py
%System Root%\Python27\include\sliceobject.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico
%System Root%\Python27\include\pystate.h
%System Root%\Python27\include\abstract.h
%System Root%\Python27\Lib\copy_reg.py
%System Root%\Python27\include\cellobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\ringtones.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\traceback.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_lock.py
%System Root%\Python27\include\pystate.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pyarena.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py
F:\data\photos\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_misc.py.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h
%System Root%\Python27\Lib\base64.pyc
%System Root%\Python27\include\funcobject.h
%System Root%\Python27\Lib\cmd.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py
%System Root%\Python27\Lib\compiler\pycodegen.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py
%System Root%\Python27\Lib\ctypes\macholib\dyld.py
F:\data\photos\stunning.jpg.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\note.txt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pickling.py
%System Root%\Python27\Lib\ctypes\test\test_repr.py
%System Root%\Python27\Lib\cProfile.py
\{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py
%System Root%\Python27\Lib\compiler\misc.py
%System Root%\Python27\include\cStringIO.h
%System Root%\Python27\include\marshal.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py
%System Root%\Python27\Lib\cgitb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_get_none.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytes_methods.h
F:\data\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd
%System Root%\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.py.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h.NEMTY_PSHIMX9
%System Root%\Python27\include\fileobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.NEMTY_PSHIMX9
%System Root%\Python27\include\longobject.h
%System Root%\Python27\include\methodobject.h
%System Root%\Python27\Lib\compileall.pyc
%System Root%\Python27\include\pyarena.h
%System Root%\Python27\Lib\bsddb\test\test_join.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\sync.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\cStringIO.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py
%System Root%\Python27\DLLs\_ctypes.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\pictures.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc
%System Root%\excel2k\XLS2KE03.xls
%System Root%\Python27\include\parsetok.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h
%System Root%\Python27\Lib\bsddb\test\test_compat.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd
%System Root%\Python27\Lib\bsddb\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_all.py
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py
%System Root%\Python27\include\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi.NEMTY_PSHIMX9
%System Root%\Python27\include\descrobject.h
%System Root%\Python27\include\longintrepr.h
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py
%System Root%\Python27\Lib\bsddb\test\test_all.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_basics.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py
%System Root%\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py.NEMTY_PSHIMX9
%System Root%\Python27\include\cellobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h
%System Root%\Python27\include\moduleobject.h
%System Root%\Python27\Lib\atexit.py
%System Root%\Python27\Lib\bsddb\dbrecio.py
\{computername}\Users\{username}\Desktop\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\osdefs.h
%System Root%\Python27\Lib\ctypes\test\test_parameters.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py
%System Root%\Python27\include\intrcheck.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_resources.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\eval.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\__init__.py
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h.NEMTY_PSHIMX9
%System Root%\Python27\include\setobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE01.ppt
%System Root%\Python27\include\listobject.h
%System Root%\Python27\include\modsupport.h.NEMTY_PSHIMX9
%System Root%\Python27\include\intobject.h
%System Root%\Python27\Lib\bsddb\test\test_fileid.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.vbs
%System Root%\Python27\include\descrobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sysmodule.h
%System Root%\Python27\Lib\Cookie.py.NEMTY_PSHIMX9
%System Root%\Python27\include\memoryobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes.pyd.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py
%System Root%\Python27\include\bytearrayobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h
%System Root%\Python27\DLLs\pyexpat.pyd
%System Root%\Python27\include\grammar.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py
%System Root%\Python27\include\fileobject.h
%System Root%\Python27\Lib\compiler\consts.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py.NEMTY_PSHIMX9
%System Root%\Python27\include\errcode.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codecs.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\moduleobject.h.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py
%System Root%\Python27\include\osdefs.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h
%Program Files%\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\OFFICE\MySharePoints.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\_sqlite3.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\SketchPadTestSchema.xml.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\complexobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.pyc
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\binhex.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc
%System Root%\Python27\DLLs\_tkinter.pyd
%System Root%\Python27\Lib\ctypes\test\test_internals.py
%System Root%\Python27\Doc\python2715.chm.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\methodobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\colorsys.py
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py
%System Root%\Python27\include\structseq.h
[探す場所]の一覧から[マイコンピュータ]を選択し、[検索]を押します。
検索が終了したら、ファイルを選択し、SHIFT+DELETE を押します。これにより、ファイルが完全に削除されます。
註：ファイル名の入力欄のタイトルは、Windowsのバージョンによって異なります。（例：ファイルやフォルダ名の検索の場合やファイル名のすべてまたは一部での検索）

Windows Vista、7、Server 2008、8、8.1 および Server 2012 の場合：

Windowsエクスプローラ画面を開きます。
- Windows Vista、7 および Server 2008 の場合：
  - [スタート]-[コンピューター]を選択します。
- Windows 8、8.1 および Server 2012 の場合：
  - 画面の左隅を右クリックし、[エクスプローラー]を選択します。
[コンピューターの検索]に、以下を入力します。
\{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG2.NEMTY_PSHIMX9
%System Root%\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py
%System Root%\Python27\include\errcode.h
%System Root%\Python27\Lib\csv.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Doc\python2715.chm
\{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc
%System Root%\powerpoint2k\PPT2KExx.PPT
%System Root%\powerpoint2k\PPT2KE04.ppt
%System Root%\Python27\Lib\abc.pyc
%System Root%\Python27\Lib\csv.py
%System Root%\Python27\Lib\bsddb\test\test_get_none.py
%System Root%\Python27\Lib\ctypes\test\test_functions.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.py
\{computername}\Users\All Users\Microsoft\IlsCache\ilrcache.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_find.py
%System Root%\Python27\include\compile.h
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py
%System Root%\Python27\Lib\compiler\consts.py
%System Root%\Python27\Lib\bisect.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_parameters.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py
%System Root%\Python27\Lib\codecs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Doc\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longintrepr.h.NEMTY_PSHIMX9
%System Root%\Python27\include\modsupport.h
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\include\codecs.h
%System Root%\Python27\include\unicodeobject.h
%System Root%\Python27\include\sysmodule.h.NEMTY_PSHIMX9
%System Root%\PerfLogs\Admin\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\chunk.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\wmp.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\McAfee\WinCore\persist.mtk.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h.NEMTY_PSHIMX9
%System Root%\excel2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\unicodedata.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_init.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_repr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbtables.py
%System Root%\Python27\DLLs\select.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\folder.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py
%System Root%\Python27\Lib\bsddb\test\test_recno.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ConfigParser.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Pending.GRL.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cmd.py
%System Root%\Python27\DLLs\_sqlite3.pyd
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_schemas.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h
%System Root%\Python27\Lib\Cookie.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\complexobject.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\en-US\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py
%System Root%\Python27\include\abstract.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py
\{computername}\Users\All Users\Microsoft\OFFICE\MySite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\select.pyd
%System Root%\Python27\Lib\ctypes\test\test_macholib.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py
%System Root%\Python27\Lib\colorsys.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py
A:\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\usb_drive.img.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py
%System Root%\Python27\Lib\compiler\pyassem.py
%System Root%\Python27\include\compile.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd
%System Root%\Python27\include\pyconfig.h
%System Root%\Python27\Lib\ctypes\macholib\framework.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h
%System Root%\Python27\Lib\binhex.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py.NEMTY_PSHIMX9
%System Root%\Python27\include\asdl.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd
%System Root%\Python27\Lib\compiler\symbols.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py.NEMTY_PSHIMX9
%System Root%\Python27\include\token.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.py
%System Root%\Python27\include\memoryobject.h
%System Root%\Python27\Lib\bsddb\test\test_queue.py
%System Root%\Python27\Lib\bsddb\test\test_basics.py
%System Root%\Python27\Lib\Cookie.pyc
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h
%System Root%\Python27\include\intrcheck.h
%System Root%\Python27\Lib\copy_reg.pyc
%System Root%\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bisect.py
%System Root%\Python27\Lib\ctypes\test\test_loading.py
F:\data\photos\stunning.jpg
%System Root%\Python27\include\bufferobject.h
%System Root%\Python27\include\floatobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\tasks.xml.NEMTY_PSHIMX9
%System Root%\Python27\include\funcobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_objects.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h
%System Root%\Python27\DLLs\_tkinter.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\boolobject.h
%System Root%\Python27\Lib\bsddb\test\test_thread.py
%System Root%\Python27\DLLs\pyexpat.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pyerrors.h
%System Root%\Python27\include\node.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h.NEMTY_PSHIMX9
%System Root%\Python27\include\marshal.h
%System Root%\Python27\include\object.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg.NEMTY_PSHIMX9
%System Root%\Python27\include\pydebug.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\bufferobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h
%System Root%\powerpoint2k\PPT2KE01.ppt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\MF\Active.GRL.NEMTY_PSHIMX9
%System Root%\Python27\include\import.h
%System Root%\Python27\Lib\ctypes\macholib\dylib.py
%System Root%\Python27\include\pygetopt.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py
%System Root%\Python27\include\metagrammar.h
%System Root%\Python27\include\grammar.h
%System Root%\Python27\include\frameobject.h
%System Root%\Python27\Lib\ctypes\test\test_python_api.py
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytearrayobject.h
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico.NEMTY_PSHIMX9
F:\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\compiler\syntax.py
%System Root%\Python27\include\node.h
F:\data\dolist.txt
%System Root%\Python27\Lib\atexit.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h
%System Root%\Python27\Lib\bsddb\test\test_join.py
%System Root%\Python27\Lib\CGIHTTPServer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\netfol.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py
%System Root%\Python27\DLLs\py.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\AAljoOV.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_internals.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\parsetok.h
\{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h
%System Root%\Python27\include\iterobject.h
%System Root%\Python27\Lib\ctypes\test\runtests.py.NEMTY_PSHIMX9
F:\data\tmp.doc
%System Root%\Python27\Lib\contextlib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020099.msp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\atexit.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_queue.ico.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.pyc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py
%System Root%\Python27\include\eval.h
%System Root%\Python27\Lib\ctypes\test\test_find.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.js.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_thread.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h
%System Root%\Python27\include\traceback.h
%System Root%\Python27\include\pymactoolbox.h
%System Root%\Python27\Lib\chunk.py
%System Root%\Documents and Settings\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pyassem.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_functions.py
%System Root%\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%/pagefile.sys.NEMTY_PSHIMX9
%System Root%\Python27\include\bitset.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_pickle.py.NEMTY_PSHIMX9
%System Root%\Email and Password List.htm
%System Root%\Python27\DLLs\_msi.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\pygetopt.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_recno.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\pycodegen.py
%System Root%\Python27\Lib\ctypes\test\test_python_api.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pointers.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Everywhere.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py
F:\data\photos\long_exposure.jpg.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\cgi.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_bsddb.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h
%System Root%\Python27\Lib\ctypes\test\test_pointers.py
%System Root%\excel2k\XLS2KE01.xls
%System Root%\Python27\include\import.h.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h
%System Root%\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pickling.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Searches\Indexed Locations.search-ms.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\aifc.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\{username}.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\tupleobject.h
%System Root%\Python27\Lib\ConfigParser.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py
%System Root%\Python27\Lib\bisect.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py
\{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\structseq.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pgenheaders.h
%System Root%\Python27\Lib\argparse.pyc
%System Root%\Python27\Lib\compiler\symbols.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\include\pyport.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbrecio.py.NEMTY_PSHIMX9
F:\data\tmp.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrtod.h
%System Root%\Python27\include\metagrammar.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\winsound.pyd
\{computername}\Users\{username}\Desktop\Email and Password List.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py.NEMTY_PSHIMX9
%System Root%\PerfLogs\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\py.ico
%System Root%\Python27\Lib\asynchat.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_random_things.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_pref.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\Bastion.py
%System Root%\powerpoint2k\PPT2KE05.ppt
%System Root%\Python27\include\intobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h
%System Root%\Python27\Lib\bsddb\test\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\codecs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compare.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py
%System Root%\Python27\Lib\abc.py
%System Root%\Python27\Lib\ctypes\test\test_numbers.py
%System Root%\Python27\Lib\Bastion.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\bytes_methods.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\misc.py.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\future.py
%System Root%\Python27\Lib\BaseHTTPServer.pyc.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bisect.pyc
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py.NEMTY_PSHIMX9
%System Root%\Python27\include\ceval.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pystrcmp.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py
F:\data\photos\long_exposure.jpg
F:\data\dolist.txt.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bdb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\dylib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pgen.h
%System Root%\excel2k\XLS2KE04.xls
%System Root%\Python27\Lib\compiler\syntax.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.pyc
%System Root%\Python27\include\objimpl.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Contacts\{username}.contact.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.py
%System Root%\Python27\DLLs\_bsddb.pyd
F:\wlines.zip
%System Root%\Python27\Lib\copy.pyc
%System Root%\powerpoint2k\PPT2KE00.pot
%System Root%\Python27\include\pymath.h
%System Root%\Python27\Lib\csv.pyc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\Transmag.doc.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyexpat.h.NEMTY_PSHIMX9
%System Root%\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h.NEMTY_PSHIMX9
F:\wlines.zip.NEMTY_PSHIMX9
%System Root%\Python27\include\graminit.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\opcode.h
%System Root%\Python27\include\boolobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_arrays.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\contextlib.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\bz2.pyd
%System Root%\Python27\Lib\copy.py
%System Root%\Python27\Lib\ConfigParser.pyc
%System Root%\powerpoint2k\PPT2KE03.ppt
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py
%System Root%\Python27\Lib\asynchat.py
%System Root%\Python27\Lib\codecs.py
%System Root%\Python27\include\tupleobject.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cookielib.py.NEMTY_PSHIMX9
%System Root%\Python27\include\objimpl.h
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\collections.py.NEMTY_PSHIMX9
%System Root%\Python27\include\datetime.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\anydbm.py
%System Root%\Python27\Lib\bsddb\test\__init__.py
%System Root%\Python27\include\pydebug.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\visitor.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py
%System Root%\Python27\Lib\ctypes\macholib\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\include\warnings.h
%System Root%\Python27\Lib\audiodev.py
%System Root%\Python27\Lib\cookielib.py
%System Root%\Python27\include\pyerrors.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h
%System Root%\Python27\include\datetime.h
%System Root%\Python27\Lib\bsddb\dbobj.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py
%System Root%\Python27\Lib\Cookie.py
%System Root%\Python27\Lib\cProfile.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\iterobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py
%System Root%\Python27\include\pyport.h
%System Root%\Python27\Lib\ctypes\macholib\dyld.py.NEMTY_PSHIMX9
%System Root%\Python27\include\object.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymem.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py
%System Root%\Python27\DLLs\_msi.pyd
%System Root%\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\Python.h.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\unicodedata.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\resource.xml.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\__init__.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\stringobject.h
%System Root%\Python27\Lib\ctypes\test\test_loading.py.NEMTY_PSHIMX9
%System Root%\Program Files\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h
%System Root%\Python27\Lib\csv.pyc
%System Root%\Python27\Lib\aifc.py
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg.NEMTY_PSHIMX9
\{computername}\Users\{username}\ntuser.dat.LOG1.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgitb.py
%System Root%\Python27\Lib\CGIHTTPServer.py
%System Root%\Python27\Lib\compileall.py
%System Root%\Python27\Lib\ctypes\test\runtests.py
%System Root%\Python27\DLLs\bz2.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\framework.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pymath.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py
%System Root%\Python27\Lib\cgi.py
%System Root%\excel2k\XLS2KE02.xls
%System Root%\Python27\Lib\ctypes\test\test_macholib.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.pyc
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codeop.py
%System Root%\Python27\Lib\bsddb\test\test_misc.py
%System Root%\Python27\Lib\contextlib.pyc
%System Root%\Python27\Lib\ctypes\test\test_init.py
\{computername}\Users\{username}\Documents\agent.pyw.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\__init__.py.NEMTY_PSHIMX9
%System Root%\Python27\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_queue.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.js.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py
%System Root%\Python27\include\unicodeobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pymactoolbox.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compileall.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\IlsCache\imcrcache.xml.NEMTY_PSHIMX9
%System Root%\Email and Password List.js
%System Root%\Python27\include\symtable.h
%System Root%\Python27\Lib\bsddb\test\test_compare.py
%System Root%\Python27\Lib\code.py
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_settings.ico.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbobj.py
%System Root%\Python27\include\listobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\floatobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pythread.h
%System Root%\Python27\Lib\ast.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_hashlib.pyd
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py
%System Root%\Python27\Lib\ctypes\test\test_sizes.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd.NEMTY_PSHIMX9
%System Root%\Python27\include\classobject.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt.NEMTY_PSHIMX9
%System Root%\Python27\include\code.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ucnhash.h
%System Root%\Python27\Lib\ctypes\test\test_sizes.py
%System Root%\Python27\Lib\bsddb\dbutils.py
%System Root%\Python27\include\ceval.h
\{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_fileid.py
%System Root%\Python27\include\token.h
%System Root%\Python27\Lib\code.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py
%System Root%\Python27\Lib\bsddb\test\test_lock.py.NEMTY_PSHIMX9
%System Root%\Python27\include\rangeobject.h
%System Root%\Python27\Lib\audiodev.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sliceobject.h
%System Root%\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE02.ppt
%System Root%\Python27\include\frameobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\symtable.h.NEMTY_PSHIMX9
%System Root%\Python27\include\patchlevel.h
%System Root%\Python27\Lib\bsddb\dbutils.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_compat.py
%System Root%\Python27\include\setobject.h
%System Root%\Python27\Lib\codecs.pyc
%System Root%\Python27\Lib\ast.py
%System Root%\Python27\include\sliceobject.h.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\pyc.ico
%System Root%\Python27\include\pystate.h
%System Root%\Python27\include\abstract.h
%System Root%\Python27\Lib\copy_reg.py
%System Root%\Python27\include\cellobject.h
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\ringtones.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\include\traceback.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_lock.py
%System Root%\Python27\include\pystate.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pyarena.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\transformer.py
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\db.py
F:\data\photos\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\include\longobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\cobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\abc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_misc.py.NEMTY_PSHIMX9
%System Root%\Python27\include\genobject.h
%System Root%\Python27\Lib\base64.pyc
%System Root%\Python27\include\funcobject.h
%System Root%\Python27\Lib\cmd.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pythonrun.h.NEMTY_PSHIMX9
%System Root%\Python27\include\timefuncs.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\commands.py
%System Root%\Python27\Lib\compiler\pycodegen.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py
%System Root%\Python27\Lib\ctypes\macholib\dyld.py
F:\data\photos\stunning.jpg.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\include\enumobject.h
%System Root%\Python27\Lib\bsddb\test\test_early_close.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\note.txt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pickling.py
%System Root%\Python27\Lib\ctypes\test\test_repr.py
%System Root%\Python27\Lib\cProfile.py
\{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py
%System Root%\Python27\Lib\compiler\misc.py
%System Root%\Python27\include\cStringIO.h
%System Root%\Python27\include\marshal.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py
%System Root%\Python27\Lib\cgitb.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_get_none.py.NEMTY_PSHIMX9
%System Root%\Python27\include\bytes_methods.h
F:\data\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Email and Password List.htm.NEMTY_PSHIMX9
%System Root%\Python27\Lib\argparse.pyc.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_socket.pyd
%System Root%\excel2k\XLS2KE04.xls.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.py.NEMTY_PSHIMX9
%System Root%\Python27\include\weakrefobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\ast.h.NEMTY_PSHIMX9
%System Root%\Python27\include\fileobject.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.NEMTY_PSHIMX9
%System Root%\Python27\include\longobject.h
%System Root%\Python27\include\methodobject.h
%System Root%\Python27\Lib\compileall.pyc
%System Root%\Python27\include\pyarena.h
%System Root%\Python27\Lib\bsddb\test\test_join.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\sync.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\cStringIO.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\dbshelve.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cast.py
%System Root%\Python27\DLLs\_ctypes.pyd
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\pictures.ico.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.pyc
%System Root%\excel2k\XLS2KE03.xls
%System Root%\Python27\include\parsetok.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dtoa.h
%System Root%\Python27\Lib\bsddb\test\test_compat.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_elementtree.pyd
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_associate.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_multiprocessing.pyd
%System Root%\Python27\Lib\bsddb\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\Lib\bsddb\test\test_all.py
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py
%System Root%\Python27\include\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi.NEMTY_PSHIMX9
%System Root%\Python27\include\descrobject.h
%System Root%\Python27\include\longintrepr.h
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py
%System Root%\Python27\Lib\bsddb\test\test_all.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_delattr.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_basics.py.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_property.ico.NEMTY_PSHIMX9
%System Root%\Python27\Lib\calendar.py.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h
%System Root%\Python27\Lib\ctypes\test\test_errno.py
%System Root%\excel2k\XLS2KE02.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py.NEMTY_PSHIMX9
%System Root%\Python27\include\cellobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\dictobject.h
%System Root%\Python27\include\moduleobject.h
%System Root%\Python27\Lib\atexit.py
%System Root%\Python27\Lib\bsddb\dbrecio.py
\{computername}\Users\{username}\Desktop\Email and Password List.vbs.NEMTY_PSHIMX9
%System Root%\Python27\Lib\antigravity.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\copy_reg.pyc.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\include\osdefs.h
%System Root%\Python27\Lib\ctypes\test\test_parameters.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\__init__.py
%System Root%\Python27\include\intrcheck.h.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_resources.xss.NEMTY_PSHIMX9
%System Root%\Python27\include\eval.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\macholib\__init__.py
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_db.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ssl.pyd
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyfpe.h
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_anon.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h.NEMTY_PSHIMX9
%System Root%\Python27\include\setobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_sequence.py.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KE01.ppt
%System Root%\Python27\include\listobject.h
%System Root%\Python27\include\modsupport.h.NEMTY_PSHIMX9
%System Root%\Python27\include\intobject.h
%System Root%\Python27\Lib\bsddb\test\test_fileid.py.NEMTY_PSHIMX9
%System Root%\Python27\include\pyctype.h.NEMTY_PSHIMX9
%System Root%\Email and Password List.vbs
%System Root%\Python27\include\descrobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\asyncore.py.NEMTY_PSHIMX9
%System Root%\Python27\include\sysmodule.h
%System Root%\Python27\Lib\Cookie.py.NEMTY_PSHIMX9
%System Root%\Python27\include\memoryobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes_test.pyd.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_ctypes.pyd.NEMTY_PSHIMX9
%System Root%\Email and Password List.txt
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py
%System Root%\Python27\include\bytearrayobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.NEMTY_PSHIMX9
%System Root%\Python27\include\Python-ast.h
%System Root%\Python27\DLLs\pyexpat.pyd
%System Root%\Python27\include\grammar.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\BaseHTTPServer.py
%System Root%\Python27\include\fileobject.h
%System Root%\Python27\Lib\compiler\consts.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\ast.py.NEMTY_PSHIMX9
%System Root%\Python27\include\errcode.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\codecs.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\moduleobject.h.NEMTY_PSHIMX9
%System Root%\powerpoint2k\PPT2KExx.PPT.NEMTY_PSHIMX9
%System Root%\Python27\Lib\bsddb\test\test_replication.py
%System Root%\Python27\include\osdefs.h.NEMTY_PSHIMX9
%System Root%\Python27\include\py_curses.h
%Program Files%\NEMTY_PSHIMX9-DECRYPT.txt
\{computername}\Users\All Users\Microsoft\OFFICE\MySharePoints.ico.NEMTY_PSHIMX9
%System Root%\Python27\include\structmember.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\compiler\NEMTY_PSHIMX9-DECRYPT.txt
%System Root%\Python27\DLLs\_sqlite3.pyd.NEMTY_PSHIMX9
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\SketchPadTestSchema.xml.NEMTY_PSHIMX9
%System Root%\Python27\DLLs\_testcapi.pyd.NEMTY_PSHIMX9
\{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc.NEMTY_PSHIMX9
%System Root%\Python27\include\complexobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\pycapsule.h
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg.NEMTY_PSHIMX9
%System Root%\Python27\Lib\cgi.pyc
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls.NEMTY_PSHIMX9
%System Root%\Python27\Lib\base64.pyc.NEMTY_PSHIMX9
%System Root%\Python27\include\pymacconfig.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\binhex.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\collections.pyc
%System Root%\Python27\DLLs\_tkinter.pyd
%System Root%\Python27\Lib\ctypes\test\test_internals.py
%System Root%\Python27\Doc\python2715.chm.NEMTY_PSHIMX9
%System Root%\Python27\include\bytesobject.h.NEMTY_PSHIMX9
%System Root%\Python27\include\methodobject.h.NEMTY_PSHIMX9
%System Root%\Python27\Lib\colorsys.py
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py.NEMTY_PSHIMX9
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py
%System Root%\Python27\include\structseq.h
ファイルが表示されたら、そのファイルを選択し、SHIFT+DELETE を押します。これにより、ファイルが完全に削除されます。
註：Windows 7 において上記の手順が正しく行われない場合、マイクロソフトのWebサイトをご確認ください。

手順 6

コンピュータを通常モードで再起動し、最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、「Trojan.AutoIt.SONBOKLI.USXVPAE20」と検出したファイルの検索を実行してください。検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

手順 7

以下のファイルをバックアップを用いて修復します。マイクロソフト製品に関連したファイルのみに修復されます。このマルウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

%System Root%\pagefile.sys
%System Root%\Python27\include\pymath.h
%System Root%\Python27\Lib\ctypes\test\test_python_api.py
%System Root%\Python27\include\funcobject.h
%System Root%\Python27\Lib\ctypes\test\test_prototypes.py
%System Root%\Python27\Lib\commands.py
%System Root%\Python27\include\bytearrayobject.h
%System Root%\Python27\Lib\ctypes\test\test_checkretval.py
%System Root%\Python27\include\errcode.h
%System Root%\Python27\Lib\ctypes\test\test_frombuffer.py
%System Root%\Python27\Lib\ctypes\macholib\dyld.py
%System Root%\Python27\include\graminit.h
%System Root%\Python27\Lib\compiler\syntax.py
%System Root%\Python27\include\node.h
%System Root%\Python27\include\opcode.h
F:\data\dolist.txt
%System Root%\Python27\include\enumobject.h
%System Root%\Python27\include\bytesobject.h
%System Root%\Python27\Lib\bsddb\test\test_join.py
%System Root%\Python27\Lib\ctypes\test\test_bitfields.py
%System Root%\Python27\Lib\ctypes\test\test_pickling.py
%System Root%\Python27\Lib\cProfile.py
%System Root%\Python27\Lib\ctypes\test\test_repr.py
%System Root%\Python27\Lib\copy.py
%System Root%\Python27\Lib\ConfigParser.pyc
%System Root%\powerpoint2k\PPT2KE03.ppt
%System Root%\Python27\include\pystrcmp.h
%System Root%\Python27\Lib\bsddb\test\test_cursor_pget_bug.py
%System Root%\Python27\Lib\bsddb\test\test_distributed_transactions.py
%System Root%\Python27\Lib\compiler\misc.py
%System Root%\Python27\Doc\python2715.chm
%System Root%\Python27\include\cStringIO.h
%System Root%\Python27\Lib\asynchat.py
%System Root%\Python27\Lib\atexit.pyc
%System Root%\Python27\Lib\ctypes\test\test_anon.py
%System Root%\powerpoint2k\PPT2KExx.PPT
%System Root%\powerpoint2k\PPT2KE04.ppt
%System Root%\Python27\Lib\abc.pyc
%System Root%\Python27\Lib\codecs.py
%System Root%\Python27\include\bytes_methods.h
%System Root%\Python27\Lib\csv.py
%System Root%\Python27\include\objimpl.h
%System Root%\Python27\include\parsetok.h
%System Root%\Python27\include\Python.h
%System Root%\Python27\Lib\bsddb\test\test_get_none.py
%System Root%\Python27\Lib\anydbm.py
%System Root%\Python27\include\iterobject.h
%System Root%\Python27\Lib\ConfigParser.py
%System Root%\Python27\Lib\ctypes\test\test_find.py
%System Root%\Python27\include\compile.h
%System Root%\Python27\Lib\bsddb\test\__init__.py
%System Root%\Python27\Lib\ctypes\test\test_byteswap.py
F:\data\tmp.doc
%System Root%\Python27\Lib\compiler\consts.py
%System Root%\excel2k\XLS2KExx.xls
%System Root%\Python27\Lib\compiler\visitor.py
%System Root%\Python27\Lib\bsddb\test\test_associate.py
%System Root%\Python27\Lib\ctypes\test\test_libc.py
%System Root%\Python27\include\warnings.h
%System Root%\Python27\Lib\audiodev.py
%System Root%\Python27\Lib\cookielib.py
%System Root%\Python27\include\longobject.h
%System Root%\Python27\include\methodobject.h
%System Root%\Python27\include\timefuncs.h
%System Root%\Python27\include\datetime.h
%System Root%\Python27\Lib\compileall.pyc
%System Root%\Python27\include\pyarena.h
%System Root%\Python27\Lib\bsddb\test\test_dbobj.py
%System Root%\Python27\Lib\Cookie.py
%System Root%\Python27\Lib\ctypes\test\test_callbacks.py
%System Root%\Python27\Lib\ctypes\test\test_returnfuncptrs.py
%System Root%\Python27\include\modsupport.h
%System Root%\Python27\include\eval.h
%System Root%\Python27\Lib\bsddb\test\test_sequence.py
%System Root%\Python27\Lib\ctypes\test\test_array_in_pointer.py
%System Root%\Python27\include\pyport.h
%System Root%\Python27\Lib\ctypes\test\test_cast.py
%System Root%\Python27\include\codecs.h
%System Root%\Python27\include\unicodeobject.h
%System Root%\Python27\Lib\calendar.pyc
%System Root%\Python27\include\pythonrun.h
%System Root%\excel2k\XLS2KE03.xls
%System Root%\Python27\Lib\asyncore.py
%System Root%\Python27\include\traceback.h
%System Root%\Python27\DLLs\_msi.pyd
%System Root%\Python27\include\dtoa.h
%System Root%\Python27\include\pymactoolbox.h
%System Root%\Python27\Lib\chunk.py
%System Root%\Python27\DLLs\_elementtree.pyd
%System Root%\Python27\Lib\ctypes\test\test_functions.py
%System Root%\excel2k\XLS2KE00.xlt
%System Root%\Python27\DLLs\unicodedata.pyd
%System Root%\Python27\Lib\bsddb\dbtables.py
%System Root%\Python27\Lib\bsddb\test\test_pickle.py
%System Root%\Python27\DLLs\_multiprocessing.pyd
%System Root%\Python27\include\stringobject.h
%System Root%\Python27\include\pymem.h
%System Root%\Email and Password List.htm
%System Root%\Python27\Lib\bsddb\test\test_all.py
%System Root%\Python27\Lib\ctypes\test\test_keeprefs.py
%System Root%\Python27\include\ast.h
%System Root%\Python27\Lib\csv.pyc
%System Root%\Python27\Lib\aifc.py
%System Root%\Python27\Lib\cmd.py
%System Root%\Python27\DLLs\_sqlite3.pyd
%System Root%\Python27\include\descrobject.h
%System Root%\Python27\include\longintrepr.h
%System Root%\Python27\Lib\ctypes\test\test_refcounts.py
%System Root%\Python27\Lib\cgitb.py
%System Root%\Python27\Lib\bsddb\test\test_recno.py
%System Root%\Python27\Lib\CGIHTTPServer.py
%System Root%\Python27\Lib\compileall.py
%System Root%\Python27\Lib\ctypes\test\runtests.py
%System Root%\Python27\include\asdl.h
%System Root%\Python27\Lib\compiler\pycodegen.py
%System Root%\Python27\include\complexobject.h
%System Root%\Python27\Lib\ctypes\test\test_delattr.py
%System Root%\Python27\Lib\bsddb\__init__.py
%System Root%\Python27\Lib\cgi.py
%System Root%\excel2k\XLS2KE02.xls
%System Root%\Python27\Lib\base64.pyc
%System Root%\Python27\Lib\BaseHTTPServer.pyc
%System Root%\Python27\Lib\ctypes\test\test_random_things.py
%System Root%\Python27\Lib\ctypes\test\test_simplesubclasses.py
%System Root%\Python27\Lib\base64.py
%System Root%\Python27\Lib\codeop.py
%System Root%\Python27\Lib\bsddb\test\test_misc.py
%System Root%\Python27\Lib\contextlib.pyc
%System Root%\Python27\Lib\ctypes\test\test_init.py
%System Root%\Python27\include\pyctype.h
%System Root%\Python27\include\cobject.h
%System Root%\Python27\Lib\ctypes\test\test_pointers.py
%System Root%\Python27\include\code.h
%System Root%\excel2k\XLS2KE01.xls
%System Root%\Python27\Lib\ctypes\test\test_errno.py
%System Root%\Python27\Lib\ctypes\test\test_macholib.py
%System Root%\Python27\Lib\ctypes\test\test_buffers.py
%System Root%\Python27\include\dictobject.h
%System Root%\Python27\include\moduleobject.h
%System Root%\Python27\include\structmember.h
%System Root%\Python27\Lib\ctypes\test\test_as_parameter.py
%System Root%\Python27\Lib\atexit.py
%System Root%\Python27\Lib\calendar.py
%System Root%\Python27\Lib\bsddb\dbrecio.py
%System Root%\Python27\Lib\bsddb\test\test_dbshelve.py
%System Root%\Python27\Lib\bsddb\dbshelve.py
%System Root%\Python27\Lib\ctypes\test\test_pep3118.py
%System Root%\Python27\include\osdefs.h
%System Root%\Python27\Lib\ctypes\test\test_parameters.py
%System Root%\Python27\Lib\compiler\__init__.py
%System Root%\Python27\Lib\ctypes\test\test_arrays.py
%System Root%\Python27\Lib\compiler\pyassem.py
%System Root%\Python27\DLLs\_testcapi.pyd
%System Root%\Python27\include\pyconfig.h
%System Root%\Email and Password List.js
%System Root%\Python27\Lib\ctypes\macholib\framework.py
%System Root%\Python27\include\symtable.h
%System Root%\Python27\Lib\ctypes\macholib\__init__.py
%System Root%\Python27\include\pyexpat.h
%System Root%\Python27\include\tupleobject.h
%System Root%\Python27\Lib\ctypes\test\test_funcptr.py
%System Root%\Python27\Lib\bsddb\test\test_compare.py
%System Root%\Python27\include\pyfpe.h
%System Root%\Python27\Lib\bdb.py
%System Root%\Python27\Lib\binhex.py
%System Root%\Python27\Lib\code.py
%System Root%\Python27\Lib\bsddb\test\test_db.py
%System Root%\powerpoint2k\PPT2KE01.ppt
%System Root%\Python27\include\listobject.h
%System Root%\Python27\include\pythread.h
%System Root%\Python27\Lib\bsddb\dbobj.py
%System Root%\Python27\include\pgenheaders.h
%System Root%\Python27\Lib\argparse.pyc
%System Root%\Python27\DLLs\_ctypes_test.pyd
%System Root%\Python27\Lib\compiler\symbols.py
%System Root%\Python27\Lib\ctypes\test\test_cfuncs.py
%System Root%\Python27\include\intobject.h
%System Root%\Email and Password List.vbs
%System Root%\Python27\Lib\collections.py
%System Root%\Python27\include\memoryobject.h
%System Root%\Python27\Lib\bsddb\test\test_queue.py
%System Root%\Python27\Lib\bsddb\test\test_basics.py
%System Root%\Python27\Lib\Cookie.pyc
%System Root%\Python27\include\ucnhash.h
%System Root%\Python27\include\pystrtod.h
%System Root%\Python27\Lib\ctypes\test\test_sizes.py
%System Root%\Python27\Lib\bsddb\dbutils.py
%System Root%\Python27\DLLs\winsound.pyd
%System Root%\Python27\include\classobject.h
%System Root%\Python27\include\intrcheck.h
%System Root%\Python27\include\sysmodule.h
%System Root%\Python27\Lib\copy_reg.pyc
%System Root%\Python27\Lib\bisect.py
%System Root%\Python27\Lib\ctypes\test\test_loading.py
F:\data\photos\stunning.jpg
%System Root%\Python27\include\bufferobject.h
%System Root%\Python27\include\ceval.h
%System Root%\Python27\Lib\bsddb\test\test_fileid.py
%System Root%\Python27\DLLs\py.ico
%System Root%\Python27\include\floatobject.h
%System Root%\Python27\include\token.h
%System Root%\Python27\Lib\argparse.py
%System Root%\Email and Password List.txt
%System Root%\Python27\Lib\ctypes\test\test_incomplete.py
%System Root%\Python27\Lib\antigravity.py
%System Root%\Python27\Lib\bsddb\test\test_dbtables.py
%System Root%\Python27\include\rangeobject.h
%System Root%\Python27\Lib\Bastion.py
%System Root%\Python27\Lib\ctypes\test\test_objects.py
%System Root%\powerpoint2k\PPT2KE05.ppt
%System Root%\Python27\include\sliceobject.h
%System Root%\Python27\include\weakrefobject.h
%System Root%\Python27\Lib\compiler\ast.py
%System Root%\Python27\include\Python-ast.h
%System Root%\excel2k\XLS2KE05.xls
%System Root%\Python27\Lib\ctypes\test\test_numbers.py
%System Root%\Python27\Lib\abc.py
%System Root%\Python27\Lib\BaseHTTPServer.py
%System Root%\powerpoint2k\PPT2KE02.ppt
%System Root%\Python27\include\fileobject.h
%System Root%\Python27\include\patchlevel.h
%System Root%\Python27\include\bitset.h
%System Root%\Python27\include\boolobject.h
%System Root%\Python27\include\setobject.h
%System Root%\Python27\Lib\bsddb\test\test_compat.py
%System Root%\Python27\Lib\bsddb\test\test_thread.py
%System Root%\Python27\Lib\codecs.pyc
%System Root%\Python27\Lib\compiler\future.py
%System Root%\Python27\Lib\ast.py
%System Root%\Python27\Lib\bisect.pyc
%System Root%\Python27\DLLs\pyc.ico
%System Root%\Python27\include\pyerrors.h
%System Root%\Python27\include\pystate.h
%System Root%\Python27\include\py_curses.h
%System Root%\Python27\Lib\bsddb\test\test_dbenv.py
%System Root%\Python27\Lib\bsddb\test\test_replication.py
F:\data\photos\long_exposure.jpg
%System Root%\Python27\include\abstract.h
%System Root%\Python27\include\marshal.h
%System Root%\Python27\Lib\copy_reg.py
%System Root%\Python27\include\object.h
%System Root%\Python27\include\cellobject.h
%System Root%\Python27\include\pydebug.h
%System Root%\Python27\include\pgen.h
%System Root%\Python27\Lib\bsddb\test\test_lock.py
%System Root%\excel2k\XLS2KE04.xls
%System Root%\Python27\include\pycapsule.h
%System Root%\Python27\Lib\cookielib.pyc
%System Root%\Python27\Lib\cgi.pyc
%System Root%\Python27\Lib\compiler\transformer.py
%System Root%\Python27\include\pymacconfig.h
%System Root%\Python27\Lib\collections.pyc
%System Root%\Python27\Lib\contextlib.py
%System Root%\Python27\DLLs\_tkinter.pyd
%System Root%\Python27\Lib\ctypes\test\test_internals.py
%System Root%\Python27\DLLs\_bsddb.pyd
F:\wlines.zip
%System Root%\Python27\include\import.h
%System Root%\Python27\Lib\bsddb\db.py
%System Root%\powerpoint2k\PPT2KE00.pot
%System Root%\Python27\include\pygetopt.h
%System Root%\Python27\Lib\copy.pyc
%System Root%\Python27\Lib\colorsys.py
%System Root%\Python27\Lib\bsddb\test\test_early_close.py
%System Root%\Python27\Lib\ctypes\macholib\dylib.py
%System Root%\Python27\Lib\ctypes\test\test_memfunctions.py
%System Root%\Python27\include\metagrammar.h
%System Root%\Python27\include\structseq.h
%System Root%\Python27\include\genobject.h
%System Root%\Python27\include\grammar.h
%System Root%\Python27\include\frameobject.h

手順 8

以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア／グレイウェア／スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

\{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\tasks.xml
\{computername}\Users\{username}\Searches\Indexed Locations.search-ms
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\folder.ico
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_settings.ico
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\en-US\resource.xml
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi
\{computername}\Users\{username}\usb_drive.img
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi
\{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H
\{computername}\Users\{username}\Desktop\Transmag.doc
\{computername}\Users\{username}\Desktop\note.txt
\{computername}\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico
\{computername}\Users\{username}\Documents\agent.pyw
\{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc
\{computername}\Users\{username}\Desktop\Email and Password List.txt
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt
\{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Searches\Everywhere.search-ms
\{computername}\Users\{username}\Desktop\AAljoOV.jpg
\{computername}\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat
\{computername}\Users\All Users\McAfee\WinCore\persist.mtk
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\pictures.ico
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_resources.xss
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls
\{computername}\Users\All Users\Microsoft\IlsCache\ilrcache.xml
\{computername}\Users\{username}\Documents\Email and Password List.htm
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\resource.xml
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\settings.ico
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_pref.ico
\{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt
\{computername}\Users\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020099.msp
\{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
\{computername}\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat
\{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt
\{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W
\{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc
\{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_queue.ico
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\print_property.ico
\{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT
\{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc
\{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc
\{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc
\{computername}\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\sync.ico
%System Root%/pagefile.sys
\{computername}\Users\{username}\Documents\Email and Password List.vbs
\{computername}\Users\{username}\Desktop\Email and Password List.js
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg
\{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot
\{computername}\Users\{username}\ntuser.dat.LOG1
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT
\{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc
\{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls
\{computername}\Users\{username}\Documents\Email and Password List.txt
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\ringtones.ico
\{computername}\Users\{username}\Documents\Email and Password List.js
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot
\{computername}\Users\All Users\Microsoft\User Account Pictures\{username}.dat
\{computername}\Users\{username}\Contacts\{username}.contact
\{computername}\Users\All Users\Microsoft\IlsCache\imcrcache.xml
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls
\{computername}\Users\{username}\Desktop\Email and Password List.vbs
\{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_.ico
\{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls
\{computername}\Users\{username}\ntuser.dat.LOG2
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\scan_property.ico
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi
\{computername}\Users\All Users\Microsoft\MF\Active.GRL
\{computername}\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat
\{computername}\Users\All Users\Microsoft\OFFICE\MySite.ico
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\SketchPadTestSchema.xml
\{computername}\Users\All Users\Microsoft\MF\Pending.GRL
\{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\wmp.ico
\{computername}\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W
\{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls
\{computername}\Users\All Users\Microsoft\OFFICE\Groove\Installed_schemas.xss
\{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt
\{computername}\Users\{username}\Desktop\Email and Password List.htm
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg
\{computername}\Users\All Users\Microsoft\OFFICE\MySharePoints.ico
\{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt
\{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
\{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc
\{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg
\{computername}\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp
\{computername}\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico
\{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls
\{computername}\Users\All Users\Microsoft\Device Stage\Task\{{GUID}}\netfol.ico

ご利用はいかがでしたか？　アンケートにご協力ください