Technical Information
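System utilities named by the report (the line stating what the sample does to them is missing from this copy; given the 'NoRun' policy entry that follows, they are presumably blocked, to be confirmed against the original report):
- Command Prompt (CMD)
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)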
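Registry value listed by the report ('NoRun' = 1 under the Explorer policies key removes the Run command from the Start menu and disables the Win+R dialog for the current user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'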
- %HOMEPATH%\desktop\alert.html
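- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
(Login Data is Chrome's saved-credential database and Cookies is its session-cookie store. This copy does not say whether the sample read, modified or deleted them; access to either file by a process other than the browser is worth alerting on.)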
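Desktop files pay2decrypt1.txt through pay2decrypt100.txt (all 100 numbers appear in the list, out of numeric order; for detection, match the pattern pay2decrypt<N>.txt on the desktop rather than individual names):
- %HOMEPATH%\desktop\pay2decrypt1.txt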
- %HOMEPATH%\desktop\pay2decrypt74.txt
- %HOMEPATH%\desktop\pay2decrypt73.txt
- %HOMEPATH%\desktop\pay2decrypt72.txt
- %HOMEPATH%\desktop\pay2decrypt71.txt
- %HOMEPATH%\desktop\pay2decrypt70.txt
- %HOMEPATH%\desktop\pay2decrypt69.txt
- %HOMEPATH%\desktop\pay2decrypt68.txt
- %HOMEPATH%\desktop\pay2decrypt67.txt
- %HOMEPATH%\desktop\pay2decrypt66.txt
- %HOMEPATH%\desktop\pay2decrypt65.txt
- %HOMEPATH%\desktop\pay2decrypt64.txt
- %HOMEPATH%\desktop\pay2decrypt63.txt
- %HOMEPATH%\desktop\pay2decrypt62.txt
- %HOMEPATH%\desktop\pay2decrypt61.txt
- %HOMEPATH%\desktop\pay2decrypt60.txt
- %HOMEPATH%\desktop\pay2decrypt59.txt
- %HOMEPATH%\desktop\pay2decrypt58.txt
- %HOMEPATH%\desktop\pay2decrypt57.txt
- %HOMEPATH%\desktop\pay2decrypt56.txt
- %HOMEPATH%\desktop\pay2decrypt55.txt
- %HOMEPATH%\desktop\pay2decrypt54.txt
- %HOMEPATH%\desktop\pay2decrypt52.txt
- %HOMEPATH%\desktop\pay2decrypt53.txt
- %HOMEPATH%\desktop\pay2decrypt75.txt
- %HOMEPATH%\desktop\pay2decrypt76.txt
- %HOMEPATH%\desktop\pay2decrypt98.txt
- %HOMEPATH%\desktop\pay2decrypt97.txt
- %HOMEPATH%\desktop\pay2decrypt96.txt
- %HOMEPATH%\desktop\pay2decrypt95.txt
- %HOMEPATH%\desktop\pay2decrypt94.txt
- %HOMEPATH%\desktop\pay2decrypt93.txt
- %HOMEPATH%\desktop\pay2decrypt92.txt
- %HOMEPATH%\desktop\pay2decrypt91.txt
- %HOMEPATH%\desktop\pay2decrypt90.txt
- %HOMEPATH%\desktop\pay2decrypt89.txt
- %HOMEPATH%\desktop\pay2decrypt87.txt
- %HOMEPATH%\desktop\pay2decrypt37.txt
- %HOMEPATH%\desktop\pay2decrypt86.txt
- %HOMEPATH%\desktop\pay2decrypt85.txt
- %HOMEPATH%\desktop\pay2decrypt84.txt
- %HOMEPATH%\desktop\pay2decrypt83.txt
- %HOMEPATH%\desktop\pay2decrypt82.txt
- %HOMEPATH%\desktop\pay2decrypt81.txt
- %HOMEPATH%\desktop\pay2decrypt80.txt
- %HOMEPATH%\desktop\pay2decrypt79.txt
- %HOMEPATH%\desktop\pay2decrypt78.txt
- %HOMEPATH%\desktop\pay2decrypt77.txt
- %HOMEPATH%\desktop\pay2decrypt51.txt
- %HOMEPATH%\desktop\pay2decrypt50.txt
- %HOMEPATH%\desktop\pay2decrypt49.txt
- %HOMEPATH%\desktop\pay2decrypt21.txt
- %HOMEPATH%\desktop\pay2decrypt20.txt
- %HOMEPATH%\desktop\pay2decrypt19.txt
- %HOMEPATH%\desktop\pay2decrypt18.txt
- %HOMEPATH%\desktop\pay2decrypt17.txt
- %HOMEPATH%\desktop\pay2decrypt16.txt
- %HOMEPATH%\desktop\pay2decrypt15.txt
- %HOMEPATH%\desktop\pay2decrypt14.txt
- %HOMEPATH%\desktop\pay2decrypt13.txt
- %HOMEPATH%\desktop\pay2decrypt12.txt
- %HOMEPATH%\desktop\pay2decrypt11.txt
- %HOMEPATH%\desktop\pay2decrypt10.txt
- %HOMEPATH%\desktop\pay2decrypt9.txt
- %HOMEPATH%\desktop\pay2decrypt8.txt
- %HOMEPATH%\desktop\pay2decrypt7.txt
- %HOMEPATH%\desktop\pay2decrypt6.txt
- %HOMEPATH%\desktop\pay2decrypt5.txt
- %HOMEPATH%\desktop\pay2decrypt4.txt
- %HOMEPATH%\desktop\pay2decrypt3.txt
- %HOMEPATH%\desktop\pay2decrypt2.txt
- %HOMEPATH%\desktop\pay2decrypt23.txt
- %HOMEPATH%\desktop\pay2decrypt24.txt
- %HOMEPATH%\desktop\pay2decrypt22.txt
- %HOMEPATH%\desktop\pay2decrypt25.txt
- %HOMEPATH%\desktop\pay2decrypt48.txt
- %HOMEPATH%\desktop\pay2decrypt26.txt
- %HOMEPATH%\desktop\pay2decrypt47.txt
- %HOMEPATH%\desktop\pay2decrypt46.txt
- %HOMEPATH%\desktop\pay2decrypt45.txt
- %HOMEPATH%\desktop\pay2decrypt44.txt
- %HOMEPATH%\desktop\pay2decrypt43.txt
- %HOMEPATH%\desktop\pay2decrypt42.txt
- %HOMEPATH%\desktop\pay2decrypt41.txt
- %HOMEPATH%\desktop\pay2decrypt40.txt
- %HOMEPATH%\desktop\pay2decrypt39.txt
- %HOMEPATH%\desktop\pay2decrypt88.txt
- %HOMEPATH%\desktop\pay2decrypt99.txt
- %HOMEPATH%\desktop\pay2decrypt36.txt
- %HOMEPATH%\desktop\pay2decrypt35.txt
- %HOMEPATH%\desktop\pay2decrypt34.txt
- %HOMEPATH%\desktop\pay2decrypt33.txt
- %HOMEPATH%\desktop\pay2decrypt32.txt
- %HOMEPATH%\desktop\pay2decrypt31.txt
- %HOMEPATH%\desktop\pay2decrypt30.txt
- %HOMEPATH%\desktop\pay2decrypt29.txt
- %HOMEPATH%\desktop\pay2decrypt28.txt
- %HOMEPATH%\desktop\pay2decrypt27.txt
- %HOMEPATH%\desktop\pay2decrypt38.txt
- %HOMEPATH%\desktop\pay2decrypt100.txt
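(alert.html is listed a second time here, which suggests a new file list begins at this point, for example files created versus files modified or deleted. The section labels that would distinguish the lists are missing from this copy, so the action applied to the following paths is not stated.)
- %HOMEPATH%\desktop\alert.html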
- %LOCALAPPDATA%\google\chrome\user data\default\storage\ext\chrome-signin\def\gpucache\data_3
- %LOCALAPPDATA%\google\chrome\user data\default\top sites-journal
- %LOCALAPPDATA%\google\chrome\user data\default\storage\ext\chrome-signin\def\gpucache\index
- %LOCALAPPDATA%\google\chrome\user data\default\top sites
- %LOCALAPPDATA%\google\chrome\user data\default\visited links
- %LOCALAPPDATA%\google\chrome\user data\default\transportsecurity
- C:\users\public\music\sample music\kalimba.mp3
- C:\users\public\desktop\acrobat reader dc.lnk
- C:\users\public\desktop\google chrome.lnk
- C:\users\public\desktop\mirc.lnk
- C:\users\public\desktop\mozilla firefox.lnk
- C:\users\public\desktop\mozilla thunderbird.lnk
- C:\users\public\desktop\opera.lnk
- C:\users\public\music\sample music\maid with the flaxen hair.mp3
- C:\users\public\pictures\sample pictures\chrysanthemum.jpg
- C:\users\public\pictures\sample pictures\desert.jpg
- C:\users\public\pictures\sample pictures\hydrangeas.jpg
- C:\users\public\recorded tv\sample media\win7_scenic-demoshort_raw.wtv
- C:\users\public\pictures\sample pictures\jellyfish.jpg
- C:\users\public\pictures\sample pictures\koala.jpg
- C:\users\public\pictures\sample pictures\lighthouse.jpg
- C:\users\public\pictures\sample pictures\penguins.jpg
- C:\users\public\pictures\sample pictures\tulips.jpg
- C:\users\public\music\sample music\sleep away.mp3
- C:\users\public\libraries\recordedtv.library-ms
- C:\users\public\desktop\steam.lnk
- C:\users\public\desktop\winamp.lnk
- %LOCALAPPDATA%\google\chrome\user data\default\storage\ext\chrome-signin\def\gpucache\data_2
- %LOCALAPPDATA%\google\chrome\user data\default\storage\ext\chrome-signin\def\gpucache\data_0
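Network indicators (the '##' in the host name is masking present in the source; the two identical host:port entries presumably come from separate sections whose labels are missing from this copy):
- 'di##ord.com':443
- 'di##ord.com':443
- DNS ASK di##ord.com (DNS query for the same host)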