Technical Information
- Command Prompt (CMD)
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
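- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001' (Explorer policy value; when set to 1 it removes the Run command from the current user's Start menu)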
- %HOMEPATH%\desktop\000814251_video_01.avi
- %HOMEPATH%\desktop\adhd_and_obesity.docx
- %HOMEPATH%\desktop\coffee.bmp
- %HOMEPATH%\desktop\applicantform_en.doc
- %HOMEPATH%\desktop\cveuropeo.doc
- %HOMEPATH%\desktop\glidescope_review_rev_010.docx
- %HOMEPATH%\desktop\join.avi
- %HOMEPATH%\desktop\pmd.cer
- %HOMEPATH%\desktop\sdszfo.docx
- %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
- %HOMEPATH%\desktop\uep_form_786_bulletin_1726i602.doc
- %HOMEPATH%\desktop\weeklysheet1215.doc
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %HOMEPATH%\desktop\pay2decrypt1.txt
- %HOMEPATH%\desktop\pay2decrypt74.txt
- %HOMEPATH%\desktop\pay2decrypt73.txt
- %HOMEPATH%\desktop\pay2decrypt72.txt
- %HOMEPATH%\desktop\pay2decrypt71.txt
- %HOMEPATH%\desktop\pay2decrypt70.txt
- %HOMEPATH%\desktop\pay2decrypt69.txt
- %HOMEPATH%\desktop\pay2decrypt68.txt
- %HOMEPATH%\desktop\pay2decrypt67.txt
- %HOMEPATH%\desktop\pay2decrypt66.txt
- %HOMEPATH%\desktop\pay2decrypt65.txt
- %HOMEPATH%\desktop\pay2decrypt64.txt
- %HOMEPATH%\desktop\pay2decrypt63.txt
- %HOMEPATH%\desktop\pay2decrypt62.txt
- %HOMEPATH%\desktop\pay2decrypt61.txt
- %HOMEPATH%\desktop\pay2decrypt60.txt
- %HOMEPATH%\desktop\pay2decrypt59.txt
- %HOMEPATH%\desktop\pay2decrypt58.txt
- %HOMEPATH%\desktop\pay2decrypt57.txt
- %HOMEPATH%\desktop\pay2decrypt56.txt
- %HOMEPATH%\desktop\pay2decrypt55.txt
- %HOMEPATH%\desktop\pay2decrypt54.txt
- %HOMEPATH%\desktop\pay2decrypt52.txt
- %HOMEPATH%\desktop\pay2decrypt53.txt
- %HOMEPATH%\desktop\pay2decrypt75.txt
- %HOMEPATH%\desktop\pay2decrypt76.txt
- %HOMEPATH%\desktop\pay2decrypt98.txt
- %HOMEPATH%\desktop\pay2decrypt97.txt
- %HOMEPATH%\desktop\pay2decrypt96.txt
- %HOMEPATH%\desktop\pay2decrypt95.txt
- %HOMEPATH%\desktop\pay2decrypt94.txt
- %HOMEPATH%\desktop\pay2decrypt93.txt
- %HOMEPATH%\desktop\pay2decrypt92.txt
- %HOMEPATH%\desktop\pay2decrypt91.txt
- %HOMEPATH%\desktop\pay2decrypt90.txt
- %HOMEPATH%\desktop\pay2decrypt89.txt
- %HOMEPATH%\desktop\pay2decrypt87.txt
- %HOMEPATH%\desktop\pay2decrypt37.txt
- %HOMEPATH%\desktop\pay2decrypt86.txt
- %HOMEPATH%\desktop\pay2decrypt85.txt
- %HOMEPATH%\desktop\pay2decrypt84.txt
- %HOMEPATH%\desktop\pay2decrypt83.txt
- %HOMEPATH%\desktop\pay2decrypt82.txt
- %HOMEPATH%\desktop\pay2decrypt81.txt
- %HOMEPATH%\desktop\pay2decrypt80.txt
- %HOMEPATH%\desktop\pay2decrypt79.txt
- %HOMEPATH%\desktop\pay2decrypt78.txt
- %HOMEPATH%\desktop\pay2decrypt77.txt
- %HOMEPATH%\desktop\pay2decrypt51.txt
- %HOMEPATH%\desktop\pay2decrypt50.txt
- %HOMEPATH%\desktop\pay2decrypt49.txt
- %HOMEPATH%\desktop\pay2decrypt21.txt
- %HOMEPATH%\desktop\pay2decrypt20.txt
- %HOMEPATH%\desktop\pay2decrypt19.txt
- %HOMEPATH%\desktop\pay2decrypt18.txt
- %HOMEPATH%\desktop\pay2decrypt17.txt
- %HOMEPATH%\desktop\pay2decrypt16.txt
- %HOMEPATH%\desktop\pay2decrypt15.txt
- %HOMEPATH%\desktop\pay2decrypt14.txt
- %HOMEPATH%\desktop\pay2decrypt13.txt
- %HOMEPATH%\desktop\pay2decrypt12.txt
- %HOMEPATH%\desktop\pay2decrypt11.txt
- %HOMEPATH%\desktop\pay2decrypt10.txt
- %HOMEPATH%\desktop\pay2decrypt9.txt
- %HOMEPATH%\desktop\pay2decrypt8.txt
- %HOMEPATH%\desktop\pay2decrypt7.txt
- %HOMEPATH%\desktop\pay2decrypt6.txt
- %HOMEPATH%\desktop\pay2decrypt5.txt
- %HOMEPATH%\desktop\pay2decrypt4.txt
- %HOMEPATH%\desktop\pay2decrypt3.txt
- %HOMEPATH%\desktop\pay2decrypt2.txt
- %HOMEPATH%\desktop\pay2decrypt23.txt
- %HOMEPATH%\desktop\pay2decrypt24.txt
- %HOMEPATH%\desktop\pay2decrypt22.txt
- %HOMEPATH%\desktop\pay2decrypt25.txt
- %HOMEPATH%\desktop\pay2decrypt48.txt
- %HOMEPATH%\desktop\pay2decrypt26.txt
- %HOMEPATH%\desktop\pay2decrypt47.txt
- %HOMEPATH%\desktop\pay2decrypt46.txt
- %HOMEPATH%\desktop\pay2decrypt45.txt
- %HOMEPATH%\desktop\pay2decrypt44.txt
- %HOMEPATH%\desktop\pay2decrypt43.txt
- %HOMEPATH%\desktop\pay2decrypt42.txt
- %HOMEPATH%\desktop\pay2decrypt41.txt
- %HOMEPATH%\desktop\pay2decrypt40.txt
- %HOMEPATH%\desktop\pay2decrypt39.txt
- %HOMEPATH%\desktop\pay2decrypt88.txt
- %HOMEPATH%\desktop\pay2decrypt99.txt
- %HOMEPATH%\desktop\pay2decrypt36.txt
- %HOMEPATH%\desktop\pay2decrypt35.txt
- %HOMEPATH%\desktop\pay2decrypt34.txt
- %HOMEPATH%\desktop\pay2decrypt33.txt
- %HOMEPATH%\desktop\pay2decrypt32.txt
- %HOMEPATH%\desktop\pay2decrypt31.txt
- %HOMEPATH%\desktop\pay2decrypt30.txt
- %HOMEPATH%\desktop\pay2decrypt29.txt
- %HOMEPATH%\desktop\pay2decrypt28.txt
- %HOMEPATH%\desktop\pay2decrypt27.txt
- %HOMEPATH%\desktop\pay2decrypt38.txt
- %HOMEPATH%\desktop\pay2decrypt100.txt
- %HOMEPATH%\desktop\000814251_video_01.avi
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\000003.ldb
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\000006.ldb
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\000007.log
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\current
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\lock
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\log
- %LOCALAPPDATA%\google\chrome\user data\default\cache\index
- C:\users\public\recorded tv\sample media\win7_scenic-demoshort_raw.wtv
- C:\users\public\desktop\mirc.lnk
- C:\users\public\desktop\mozilla firefox.lnk
- C:\users\public\desktop\opera.lnk
- C:\users\public\desktop\steam.lnk
- C:\users\public\desktop\winamp.lnk
- C:\users\public\desktop\mozilla thunderbird.lnk
- C:\users\public\desktop\google chrome.lnk
- C:\users\public\desktop\acrobat reader dc.lnk
- %HOMEPATH%\desktop\total commander 64 bit.lnk
- %HOMEPATH%\desktop\telegram.lnk
- %HOMEPATH%\desktop\qip 2012.lnk
- %HOMEPATH%\desktop\mail.ru agent.lnk
- %HOMEPATH%\desktop\join.avi
- %HOMEPATH%\desktop\glidescope_review_rev_010.docx
- %HOMEPATH%\desktop\icq.lnk
- %HOMEPATH%\desktop\cveuropeo.doc
- %HOMEPATH%\desktop\coffee.bmp
- %HOMEPATH%\desktop\applicantform_en.doc
- %HOMEPATH%\desktop\adhd_and_obesity.docx
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\log.old
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\manifest-000001
- 'di##ord.com':443
- 'di##ord.com':443
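- DNS ASK di##ord.com (DNS query; the '##' in the host name appears to be masking applied by the report rather than part of the actual domain, so do not match on it literally)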