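Technical Information
The entries below are behavioural indicators recorded for the sample; the report's section headings are missing from this listing. In order, they appear to cover registry and firewall changes (an autorun entry under the Run key, Windows Firewall switched off), file-system activity (readme_for_unlock.txt files written to many directories, files carrying a .crypt extension), local network connections, and launched processes (including deletion of volume shadow copies).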
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%APPDATA%\MicrosoftWindowsUpdate.exe'
- [HKLM\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off
- firefox.exe
- %APPDATA%\microsoftwindowsupdate.exe
- %CommonProgramFiles%\microsoft shared\themes14\expeditn\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\ice\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\indust\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\iris\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\journal\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\layers\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\level\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\papyrus\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\network\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\profile\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\sonora\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\quad\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\radial\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\refined\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\ripple\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\ricepapr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\rmnsque\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\satin\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\sky\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\slate\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\evrgreen\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\pixel\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\eclipse\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\blends\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\smart tag\lists\1033\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\source engine\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\stationery\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\textconv\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\textconv\en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\aftrnoon\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\axis\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\arctic\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\bluecalm\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\echo\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\blueprnt\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\boldstri\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\breeze\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\canyon\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\capsules\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\cascade\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\compass\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\concrete\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\deepblue\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\edge\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\triedit\readme_for_unlock.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\babyboy\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\strtedge\readme_for_unlock.txt
- %CommonProgramFiles%\speechengines\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\web server extensions\14\readme_for_unlock.txt
- %CommonProgramFiles%\speechengines\microsoft\readme_for_unlock.txt
- %CommonProgramFiles%\system\readme_for_unlock.txt
- %CommonProgramFiles%\system\ado\readme_for_unlock.txt
- %TEMP%\wrp27f.tmp
- %CommonProgramFiles%\microsoft shared\web server extensions\14\bin\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\web server extensions\readme_for_unlock.txt
- %CommonProgramFiles%\system\ado\en-us\readme_for_unlock.txt
- %CommonProgramFiles%\system\msadc\en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\studio\readme_for_unlock.txt
- %CommonProgramFiles%\system\msmapi\readme_for_unlock.txt
- %CommonProgramFiles%\system\msmapi\1033\readme_for_unlock.txt
- %CommonProgramFiles%\system\msadc\readme_for_unlock.txt
- %CommonProgramFiles%\system\ole db\readme_for_unlock.txt
- %CommonProgramFiles%\system\ole db\en-us\readme_for_unlock.txt
- %ProgramFiles%\dvd maker\readme_for_unlock.txt
- %ProgramFiles%\dvd maker\en-us\readme_for_unlock.txt
- %ProgramFiles%\dvd maker\shared\readme_for_unlock.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\readme_for_unlock.txt
- %CommonProgramFiles%\services\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\smart tag\lists\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\web server extensions\14\bin\1033\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\translat\fren\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\sumipntg\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\water\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\translat\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\watermar\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\translat\arfr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\translat\enes\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\translat\enfr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\translat\esen\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\translat\frar\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\themes14\spring\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\web folders\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vba\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vba\vba7\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\triedit\en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vc\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vba\vba7\1033\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vgx\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vsto\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vsto\10.0\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\vsto\10.0\1033\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\web folders\1033\readme_for_unlock.txt
- %CommonProgramFiles%\system\en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\smart tag\1033\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\onenote.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\cs-cz\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\bg-bg\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\el-gr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\es-es\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\et-ee\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fi-fi\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fr-fr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\hu-hu\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\numbers\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\oskmenu\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\osknumpad\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\oskpred\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\symbols\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\web\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\he-il\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\hr-hr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\de-de\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\da-dk\readme_for_unlock.txt
- %CommonProgramFiles%\readme_for_unlock.txt
- unc\127.0.0.1\pipe\srvsvc
- nul
- C:\readme_for_unlock.txt
- C:\documents and settings\readme_for_unlock.txt
- <Current directory>\readme_for_unlock.txt
- C:\kms\readme_for_unlock.txt
- C:\msocache\readme_for_unlock.txt
- C:\perflogs\readme_for_unlock.txt
- %ProgramFiles%\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\help\readme_for_unlock.txt
- %CommonProgramFiles%\designer\readme_for_unlock.txt
- C:\perflogs\admin\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\dw\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\euro\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\equation\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\equation\1033\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\filters\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\grphflt\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\ar-sa\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\sk-sk\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\proof\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\ko-kr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\1033\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\groove.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\excel.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\infopath.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.ww\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\outlook.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\it-it\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\powerpoint.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.en\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.es\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proof.fr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proofing.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\proplus\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\word.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\officesoftwareprotectionplatform\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\publisher.en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\cultures\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\smart tag\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\office14\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\ru-ru\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\lt-lt\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\ja-jp\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\lv-lv\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\nb-no\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\nl-nl\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\pl-pl\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\pt-br\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\pt-pt\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\ro-ro\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\hwrcustomization\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\msinfo\en-us\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\sl-si\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\sr-latn-cs\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\sv-se\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\zh-cn\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\th-th\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\tr-tr\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\uk-ua\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\ink\zh-tw\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\msinfo\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\msclientdatamgr\readme_for_unlock.txt
- %ProgramFiles%\dvd maker\shared\dvdstyles\babygirl\readme_for_unlock.txt
- %CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe.manifest.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\officemui.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\pss10r.chm.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\branding.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\infopath.en-us\infopathmui.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\accessmui.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\infopath.en-us\setup.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\setup.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\excel.en-us\setup.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\access.en-us\accessmuiset.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\groove.en-us\setup.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\groove.en-us\groovemui.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\pkeyconfig-office.xrm-ms.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\excel.en-us\excelmui.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\1033\readme.htm.crypt
- %CommonProgramFiles%\microsoft shared\office14\1033\ado210.chm.crypt
- %CommonProgramFiles%\microsoft shared\office14\muauth.cab.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\ms.wpg.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\cgmimp32.fnt.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\ms.cgm.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\cgmimp32.cfg.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\ms.gif.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\ms.jpg.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\ms.png.crypt
- %CommonProgramFiles%\microsoft shared\grphflt\ms.eps.crypt
- %CommonProgramFiles%\microsoft shared\equation\eqnedt32.hlp.crypt
- %CommonProgramFiles%\microsoft shared\equation\eqnedt32.cnt.crypt
- %CommonProgramFiles%\microsoft shared\equation\mtextra.ttf.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office.en-us\officemuiset.xml.crypt
- %CommonProgramFiles%\microsoft shared\office14\office setup controller\office32.en-us\setup.xml.crypt
- 'localhost':445
- 'localhost':445
- 'localhost':49179
- 'localhost':63954
- 'localhost':60177
- '%APPDATA%\microsoftwindowsupdate.exe'
- '%WINDIR%\syswow64\cmd.exe' /c TIMEOUT /T 2>NUL&START /b "" cmd /c DEL "<Full path to file>" &EXIT
- '<SYSTEM32>\cmd.exe' /c vssadmin.exe delete shadows /all /quiet
- '%WINDIR%\syswow64\timeout.exe' /T
- '%WINDIR%\syswow64\cmd.exe' /c DEL "<Full path to file>"
- '%WINDIR%\syswow64\cmd.exe' /c TIMEOUT /T 2>NUL&START /b "" cmd /c DEL "<Full path to file>" &EXIT (with hidden window)
- '<SYSTEM32>\cmd.exe' /c vssadmin.exe delete shadows /all /quiet (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off (with hidden window)