Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\#How_Decrypt_Files.txt
- <STUBS_DIR>\msnmsgr\#How_Decrypt_Files.txt
- <STUBS_DIR>\NAVAPW32\#How_Decrypt_Files.txt
- <STUBS_DIR>\msn6\#How_Decrypt_Files.txt
- <STUBS_DIR>\miranda32\#How_Decrypt_Files.txt
- <STUBS_DIR>\mpftray\#How_Decrypt_Files.txt
- <STUBS_DIR>\ntvdm\#How_Decrypt_Files.txt
- <STUBS_DIR>\oncbcli\#How_Decrypt_Files.txt
- <STUBS_DIR>\nod32\#How_Decrypt_Files.txt
- <STUBS_DIR>\netxray\#How_Decrypt_Files.txt
- <STUBS_DIR>\nod\#How_Decrypt_Files.txt
- <STUBS_DIR>\Mir3Game\#How_Decrypt_Files.txt
- <STUBS_DIR>\l2\#How_Decrypt_Files.txt
- <STUBS_DIR>\lin\#How_Decrypt_Files.txt
- <STUBS_DIR>\kb_cli\#How_Decrypt_Files.txt
- <STUBS_DIR>\java\#How_Decrypt_Files.txt
- <STUBS_DIR>\javaw\#How_Decrypt_Files.txt
- <STUBS_DIR>\maplestory\#How_Decrypt_Files.txt
- <STUBS_DIR>\MCAGENT\#How_Decrypt_Files.txt
- <STUBS_DIR>\magent\#How_Decrypt_Files.txt
- <STUBS_DIR>\loadmain\#How_Decrypt_Files.txt
- <STUBS_DIR>\lotroclient\#How_Decrypt_Files.txt
- <STUBS_DIR>\sro_client\#How_Decrypt_Files.txt
- <STUBS_DIR>\startclient7\#How_Decrypt_Files.txt
- <STUBS_DIR>\spidernt\#How_Decrypt_Files.txt
- <STUBS_DIR>\smc\#How_Decrypt_Files.txt
- <STUBS_DIR>\so3d\#How_Decrypt_Files.txt
- <STUBS_DIR>\TwelveSky2\#How_Decrypt_Files.txt
- <STUBS_DIR>\UniStream\#How_Decrypt_Files.txt
- <STUBS_DIR>\trillian\#How_Decrypt_Files.txt
- <STUBS_DIR>\tiny\#How_Decrypt_Files.txt
- <STUBS_DIR>\translink\#How_Decrypt_Files.txt
- <STUBS_DIR>\skype\#How_Decrypt_Files.txt
- <STUBS_DIR>\putty\#How_Decrypt_Files.txt
- <STUBS_DIR>\qip\#How_Decrypt_Files.txt
- <STUBS_DIR>\pidgin\#How_Decrypt_Files.txt
- <STUBS_DIR>\opera\#How_Decrypt_Files.txt
- <STUBS_DIR>\outpost\#How_Decrypt_Files.txt
- <STUBS_DIR>\safari\#How_Decrypt_Files.txt
- <STUBS_DIR>\sgbclient\#How_Decrypt_Files.txt
- <STUBS_DIR>\rclient\#How_Decrypt_Files.txt
- <STUBS_DIR>\Ragexe\#How_Decrypt_Files.txt
- <STUBS_DIR>\RagFree\#How_Decrypt_Files.txt
- <STUBS_DIR>\ISClient\#How_Decrypt_Files.txt
- <STUBS_DIR>\Drweb32w\#How_Decrypt_Files.txt
- <STUBS_DIR>\drweb386\#How_Decrypt_Files.txt
- <STUBS_DIR>\drweb\#How_Decrypt_Files.txt
- <STUBS_DIR>\dekaron\#How_Decrypt_Files.txt
- <STUBS_DIR>\dnf\#How_Decrypt_Files.txt
- <STUBS_DIR>\egni\#How_Decrypt_Files.txt
- <STUBS_DIR>\ekrn\#How_Decrypt_Files.txt
- <STUBS_DIR>\ecmd\#How_Decrypt_Files.txt
- <STUBS_DIR>\Drwebupw\#How_Decrypt_Files.txt
- <STUBS_DIR>\Drwebwcl\#How_Decrypt_Files.txt
- <STUBS_DIR>\contactNG\#How_Decrypt_Files.txt
- <STUBS_DIR>\ccapp\#How_Decrypt_Files.txt
- <STUBS_DIR>\chrome\#How_Decrypt_Files.txt
- <STUBS_DIR>\cbsmain\#How_Decrypt_Files.txt
- <STUBS_DIR>\cbank\#How_Decrypt_Files.txt
- <STUBS_DIR>\cbmain\#How_Decrypt_Files.txt
- <STUBS_DIR>\clmain\#How_Decrypt_Files.txt
- <STUBS_DIR>\clntw32\#How_Decrypt_Files.txt
- <STUBS_DIR>\client7\#How_Decrypt_Files.txt
- <STUBS_DIR>\ClamWin\#How_Decrypt_Files.txt
- <STUBS_DIR>\clbank\#How_Decrypt_Files.txt
- <STUBS_DIR>\httplook\#How_Decrypt_Files.txt
- <STUBS_DIR>\ICQ\#How_Decrypt_Files.txt
- <STUBS_DIR>\gw\#How_Decrypt_Files.txt
- <STUBS_DIR>\GUARD\#How_Decrypt_Files.txt
- <STUBS_DIR>\GVOnline\#How_Decrypt_Files.txt
- <STUBS_DIR>\intpro\#How_Decrypt_Files.txt
- <STUBS_DIR>\iscc\#How_Decrypt_Files.txt
- <STUBS_DIR>\InphaseNXD\#How_Decrypt_Files.txt
- <STUBS_DIR>\iexplore\#How_Decrypt_Files.txt
- <STUBS_DIR>\inbank-start-ff\#How_Decrypt_Files.txt
- <STUBS_DIR>\googletalk\#How_Decrypt_Files.txt
- <STUBS_DIR>\firefox\#How_Decrypt_Files.txt
- <STUBS_DIR>\fsav\#How_Decrypt_Files.txt
- <STUBS_DIR>\el_cli\#How_Decrypt_Files.txt
- <STUBS_DIR>\elbank\#How_Decrypt_Files.txt
- <STUBS_DIR>\elementclient\#How_Decrypt_Files.txt
- <STUBS_DIR>\gc\#How_Decrypt_Files.txt
- <STUBS_DIR>\ge\#How_Decrypt_Files.txt
- <STUBS_DIR>\fsavgui\#How_Decrypt_Files.txt
- <STUBS_DIR>\fsav32\#How_Decrypt_Files.txt
- <STUBS_DIR>\fsavaui\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\$NtUninstallKB942288-v3$\#How_Decrypt_Files.txt
- %WINDIR%\$NtUninstallKB942288-v3$\spuninst\#How_Decrypt_Files.txt
- %WINDIR%\#How_Decrypt_Files.txt
- <STUBS_DIR>\ZZ__cd75efb816b2cc__\#How_Decrypt_Files.txt
- <STUBS_DIR>\__cd75efb816b2cc__\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\#How_Decrypt_Files.txt
- %WINDIR%\$NtUninstallWIC$\spuninst\#How_Decrypt_Files.txt
- %WINDIR%\AppPatch\#How_Decrypt_Files.txt
- <STUBS_DIR>\ZONEALARM\#How_Decrypt_Files.txt
- <STUBS_DIR>\woool\#How_Decrypt_Files.txt
- <STUBS_DIR>\wow\#How_Decrypt_Files.txt
- <STUBS_DIR>\winbaram\#How_Decrypt_Files.txt
- <STUBS_DIR>\wclnt\#How_Decrypt_Files.txt
- <STUBS_DIR>\webmoney\#How_Decrypt_Files.txt
- <STUBS_DIR>\zapro\#How_Decrypt_Files.txt
- <STUBS_DIR>\zlclient\#How_Decrypt_Files.txt
- <STUBS_DIR>\ybclient\#How_Decrypt_Files.txt
- <STUBS_DIR>\wsm\#How_Decrypt_Files.txt
- <STUBS_DIR>\YahooMessenger\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %TEMP%\tmp3.tmp
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %WINDIR%\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %WINDIR%\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- %WINDIR%\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\History\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\#How_Decrypt_Files.txt
- C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\MOE00UY1\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\History\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\Application Data\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Cookies\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\LBMMC3H3\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\BGGTYMH1\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\#How_Decrypt_Files.txt
- <LS_APPDATA>\VMware\#How_Decrypt_Files.txt
- %HOMEPATH%\Local Settings\History\#How_Decrypt_Files.txt
- <LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\startupCache\#How_Decrypt_Files.txt
- <LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\#How_Decrypt_Files.txt
- <LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\Cache\#How_Decrypt_Files.txt
- %HOMEPATH%\My Documents\#How_Decrypt_Files.txt
- %HOMEPATH%\My Documents\My Music\#How_Decrypt_Files.txt
- %HOMEPATH%\Local Settings\<INETFILES>\#How_Decrypt_Files.txt
- %HOMEPATH%\Local Settings\History\History.IE5\#How_Decrypt_Files.txt
- %HOMEPATH%\Local Settings\History\History.IE5\MSHist012011111020111111\#How_Decrypt_Files.txt
- <LS_APPDATA>\#How_Decrypt_Files.txt
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\#How_Decrypt_Files.txt
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\bookmarkbackups\#How_Decrypt_Files.txt
- %APPDATA%\Mozilla\Firefox\#How_Decrypt_Files.txt
- %HOMEPATH%\#How_Decrypt_Files.txt
- %APPDATA%\#How_Decrypt_Files.txt
- %HOMEPATH%\Favorites\Links\#How_Decrypt_Files.txt
- %HOMEPATH%\Local Settings\#How_Decrypt_Files.txt
- %HOMEPATH%\Favorites\#How_Decrypt_Files.txt
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\#How_Decrypt_Files.txt
- %HOMEPATH%\Cookies\#How_Decrypt_Files.txt
- C:\Documents and Settings\LocalService\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Documents\My Videos\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\DRM\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\#How_Decrypt_Files.txt
- <Current directory>\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Application Data\#How_Decrypt_Files.txt
- C:\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\9206eb7aa9d5b797ad252eb6c6a346ee_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Microsoft_Sam_Hash.ini
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\0338E140\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Documents\My Pictures\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Documents\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Documents\My Music\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Start Menu\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Start Menu\Programs\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\SendTo\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Templates\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Cookies\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Application Data\#How_Decrypt_Files.txt
- %ALLUSERSPROFILE%\Start Menu\Programs\Games\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\<INETFILES>\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\History\#How_Decrypt_Files.txt
- C:\Documents and Settings\Default User\Local Settings\History\History.IE5\#How_Decrypt_Files.txt
- C:\Far2\PluginSDK\Headers.c\#How_Decrypt_Files.txt
- C:\Far2\PluginSDK\Headers.pas\#How_Decrypt_Files.txt
- C:\Far2\Plugins\WinSCP\#How_Decrypt_Files.txt
- C:\Far2\Plugins\ProcList\#How_Decrypt_Files.txt
- C:\Far2\Plugins\TmpPanel\#How_Decrypt_Files.txt
- <STUBS_DIR>\360tray\#How_Decrypt_Files.txt
- <STUBS_DIR>\ageofconan\#How_Decrypt_Files.txt
- <STUBS_DIR>\#How_Decrypt_Files.txt
- C:\Muldrop\#How_Decrypt_Files.txt
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Network\#How_Decrypt_Files.txt
- %TEMP%\tmp1.tmp
- C:\Far2\Plugins\FileCase\#How_Decrypt_Files.txt
- C:\Far2\Plugins\FarCmds\#How_Decrypt_Files.txt
- C:\Far2\Plugins\ExtSearch\sources\#How_Decrypt_Files.txt
- C:\Far2\Plugins\ExtSearch\sources\RegExp\#How_Decrypt_Files.txt
- %TEMP%\tmp2.tmp
- C:\Far2\Plugins\MacroView\#How_Decrypt_Files.txt
- C:\Far2\Plugins\HlfViewer\#How_Decrypt_Files.txt
- C:\Far2\Plugins\FTP\#How_Decrypt_Files.txt
- C:\Far2\Plugins\FTP\lib\#How_Decrypt_Files.txt
- <STUBS_DIR>\bclient\#How_Decrypt_Files.txt
- <STUBS_DIR>\bc_loader\#How_Decrypt_Files.txt
- <STUBS_DIR>\BBClient\#How_Decrypt_Files.txt
- <STUBS_DIR>\AVSYNMGR\#How_Decrypt_Files.txt
- <STUBS_DIR>\bankcl\#How_Decrypt_Files.txt
- <STUBS_DIR>\bk\#How_Decrypt_Files.txt
- <STUBS_DIR>\cabalmain\#How_Decrypt_Files.txt
- <STUBS_DIR>\bdsubmit\#How_Decrypt_Files.txt
- <STUBS_DIR>\bdagent\#How_Decrypt_Files.txt
- <STUBS_DIR>\bdss\#How_Decrypt_Files.txt
- <STUBS_DIR>\AVPM\#How_Decrypt_Files.txt
- <STUBS_DIR>\ashAvSrv\#How_Decrypt_Files.txt
- <STUBS_DIR>\avgcc\#How_Decrypt_Files.txt
- <STUBS_DIR>\ashAvast\#How_Decrypt_Files.txt
- <STUBS_DIR>\aion\#How_Decrypt_Files.txt
- <STUBS_DIR>\ash\#How_Decrypt_Files.txt
- <STUBS_DIR>\AVP32\#How_Decrypt_Files.txt
- <STUBS_DIR>\AVPCC\#How_Decrypt_Files.txt
- <STUBS_DIR>\AVP\#How_Decrypt_Files.txt
- <STUBS_DIR>\AVGCC32\#How_Decrypt_Files.txt
- <STUBS_DIR>\AVGCTRL\#How_Decrypt_Files.txt
- C:\Far2\Plugins\ExtSearch\keys\#How_Decrypt_Files.txt
- C:\Far2\Addons\Macros\#How_Decrypt_Files.txt
- C:\Far2\Addons\SetUp\#How_Decrypt_Files.txt
- C:\Far2\Addons\Colors\Default Highlighting\#How_Decrypt_Files.txt
- C:\Far2\Addons\Colors\#How_Decrypt_Files.txt
- C:\Far2\Addons\Colors\Custom Highlighting\#How_Decrypt_Files.txt
- C:\Far2\Documentation\eng\#How_Decrypt_Files.txt
- C:\Far2\Documentation\rus\#How_Decrypt_Files.txt
- C:\Far2\Addons\XLat\Russian\#How_Decrypt_Files.txt
- C:\Far2\Addons\Shell\#How_Decrypt_Files.txt
- C:\Far2\Addons\XLat\#How_Decrypt_Files.txt
- C:\Far2\Addons\#How_Decrypt_Files.txt
- %HOMEPATH%\Start Menu\#How_Decrypt_Files.txt
- %HOMEPATH%\Start Menu\Programs\#How_Decrypt_Files.txt
- %HOMEPATH%\SendTo\#How_Decrypt_Files.txt
- %HOMEPATH%\My Documents\My Pictures\#How_Decrypt_Files.txt
- %HOMEPATH%\Recent\#How_Decrypt_Files.txt
- %HOMEPATH%\Templates\#How_Decrypt_Files.txt
- C:\Far2\#How_Decrypt_Files.txt
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\#How_Decrypt_Files.txt
- %HOMEPATH%\Start Menu\Programs\Accessories\#How_Decrypt_Files.txt
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\hrd\console\contrib\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Compare\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\hrd\console\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\hrc\auto\types\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\hrd\#How_Decrypt_Files.txt
- C:\Far2\Plugins\ExtSearch\#How_Decrypt_Files.txt
- C:\Far2\Plugins\ExtSearch\doc\#How_Decrypt_Files.txt
- C:\Far2\Plugins\EMenu\#How_Decrypt_Files.txt
- C:\Far2\Plugins\DrawLine\#How_Decrypt_Files.txt
- C:\Far2\Plugins\EditCase\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\hrc\auto\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Align\#How_Decrypt_Files.txt
- C:\Far2\Plugins\arclite\#How_Decrypt_Files.txt
- C:\Far2\Plugins\7-Zip\#How_Decrypt_Files.txt
- C:\Far2\Encyclopedia\#How_Decrypt_Files.txt
- C:\Far2\FExcept\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\bin\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\hrc\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Colorer\#How_Decrypt_Files.txt
- C:\Far2\Plugins\AutoWrap\#How_Decrypt_Files.txt
- C:\Far2\Plugins\Brackets\#How_Decrypt_Files.txt
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys\9206eb7aa9d5b797ad252eb6c6a346ee_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %TEMP%\tmp1.tmp
- from %WINDIR%\setupapi.log to %WINDIR%\C2-JhUN8tpEOAFhIzM.Infinite
- from %WINDIR%\setupact.log to %WINDIR%\C3-LVDAr49kCr9lahIQ.Infinite
- from %WINDIR%\setuplog.txt to %WINDIR%\C2-ItkaNjVjaTLc1IR.Infinite
- from %WINDIR%\spupdsvc.log to %WINDIR%\C2-LpWgpuxdfR1UOTY.Infinite
- from %WINDIR%\Soap Bubbles.bmp to %WINDIR%\C2-MdGTa5H0T9uYgBU.Infinite
- from %WINDIR%\sessmgr.setup.log to %WINDIR%\C8-4cjVjlx0dpG9MhbBJrJ.Infinite
- from %WINDIR%\regopt.log to %WINDIR%\C1-d2UQv2ItpVm3Si.Infinite
- from %WINDIR%\Prairie Wind.bmp to %WINDIR%\C6-L92lnj8HGSuPEiK1JK.Infinite
- from %WINDIR%\Rhododendron.bmp to %WINDIR%\C0-bDldArzN2osyA1.Infinite
- from %WINDIR%\Santa Fe Stucco.bmp to %WINDIR%\C7-Tvf4aenWyZsWSttf3J.Infinite
- from %WINDIR%\River Sumida.bmp to %WINDIR%\C1-Cup5Jy91g4Ga5no.Infinite
- from %WINDIR%\Zapotec.bmp to %WINDIR%\C0-yxwweu5X6Y2cCY.Infinite
- from %WINDIR%\wmsetup.log to %WINDIR%\C3-6RHjUxvtK691cx2g.Infinite
- from %WINDIR%\_default.pif to %WINDIR%\C7-rTaAprCBr1vFm0RGoqW.Infinite
- from %WINDIR%\$NtUninstallWIC$\spuninst\spuninst.txt to %WINDIR%\$NtUninstallWIC$\spuninst\C6-0NsHxA32JclfxhdpNX.Infinite
- from %WINDIR%\$NtUninstallKB942288-v3$\spuninst\spuninst.txt to %WINDIR%\$NtUninstallKB942288-v3$\spuninst\C7-8FpxF0uc2L1srDRCsO.Infinite
- from %WINDIR%\WindowsUpdate.log to %WINDIR%\C8-pMXr7p4nZj0SgfFdJhJ.Infinite
- from %WINDIR%\tsoc.log to %WINDIR%\C2-uiqKErnkW1U31ZL.Infinite
- from %WINDIR%\tabletoc.log to %WINDIR%\C1-K1nt6kd8rk7Q7md.Infinite
- from %WINDIR%\updspapi.log to %WINDIR%\C2-tu8XUhUEiIayisP.Infinite
- from %WINDIR%\wiaservc.log to %WINDIR%\C1-wqtdwtv9oHGp75X.Infinite
- from %WINDIR%\wiadebug.log to %WINDIR%\C6-AnbDczfqHLTaws7GEM.Infinite
- from %WINDIR%\OEWABLog.txt to %WINDIR%\C3-flKKYjPpANJUCDGS.Infinite
- from %WINDIR%\FaxSetup.log to %WINDIR%\C7-7AVk7biMtpjrQLGFfp.Infinite
- from %WINDIR%\DtcInstall.log to %WINDIR%\C0-DeqWweai9MpEqk.Infinite
- from %WINDIR%\FeatherTexture.bmp to %WINDIR%\C5-zg0xGYq1eIcT1wy33.Infinite
- from %WINDIR%\Greenstone.bmp to %WINDIR%\C3-Surcac9I61uiULOL.Infinite
- from %WINDIR%\Gone Fishing.bmp to %WINDIR%\C5-ZODOPf1dJY17ukgYJ.Infinite
- from %WINDIR%\comsetup.log to %WINDIR%\C8-dwn6nXQ6T8Rcwxqw3BV.Infinite
- from %WINDIR%\clock.avi to %WINDIR%\C0-bpkm6VIgBqgpqT.Infinite
- from %WINDIR%\Blue Lace 16.bmp to %WINDIR%\C6-RIFZetVX9rBGslrQWO.Infinite
- from %WINDIR%\cmsetacl.log to %WINDIR%\C4-tiERDnUIksYR5SLYj.Infinite
- from %WINDIR%\COM+.log to %WINDIR%\C3-Mww7WrmZAbqgYrlr.Infinite
- from %WINDIR%\Coffee Bean.bmp to %WINDIR%\C5-TPIsMudvP9w5yG451.Infinite
- from %WINDIR%\netfxocm.log to %WINDIR%\C6-jJu1vbpGJwk1EQRqXd.Infinite
- from %WINDIR%\msmqinst.log to %WINDIR%\C8-qmGnlehcYTrNepi5AWu.Infinite
- from %WINDIR%\ntdtcsetup.log to %WINDIR%\C7-J1yS5iztyB9c9D9MoA.Infinite
- from %WINDIR%\ocmsn.log to %WINDIR%\C4-hZ57ItiLy5DYUvCd.Infinite
- from %WINDIR%\ocgen.log to %WINDIR%\C6-o4Qt9wagDbKvuJUqss.Infinite
- from %WINDIR%\msgsocm.log to %WINDIR%\C1-xGcabhYxn1xl5E1.Infinite
- from %WINDIR%\imsins.BAK to %WINDIR%\C2-v9ZGtgQZVjCxyjo.Infinite
- from %WINDIR%\iis6.log to %WINDIR%\C1-LRVpkYGwqToL5w.Infinite
- from %WINDIR%\imsins.log to %WINDIR%\C0-ofDU4cYDGC6aYL.Infinite
- from %WINDIR%\MedCtrOC.log to %WINDIR%\C0-NYY9SaPK8kZ9AQ.Infinite
- from %WINDIR%\KB942288-v3.log to %WINDIR%\C4-7Yh0BukppEyCmKEf.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\secmod.db to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C8-0bXYUG9HjWXxlrCrz61.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.bak to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C6-39CleCGvVzQaLSueMC.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\search.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C5-xGJYJT2bsq9LVTTnY.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\pluginreg.dat to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C3-nrBg1FiLYLM7hs5l.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C4-NZF80MryDakibfmH.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userChrome-example.css to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\C1-qIXVg8ecJBzcb0.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userContent-example.css to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\C2-QzbwqFoFyRNFVwE.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\webappsstore.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C6-64yr7Oipax7Rje3SHO.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.js to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C5-WAdDhQrijOct8YF9P.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\signons.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C1-oAUCy7WD2uEpVeK.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\places.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C4-AjmPBFbR9ELxtntA.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\content-prefs.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C2-tKi2qGvTtJUg0ir.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cookies.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C1-sWzE67bx6cacr2w.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chromeappsstore.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C4-1o5ofJmo9qb4Z80r.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\bookmarks.html to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C3-Rvk0HMwhHI8Vx2NX.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cert8.db to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C0-jvb9X2bDZoiRL8.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\key3.db to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C2-1JeXt1HBojZi6CU.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\permissions.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C6-HC8C2ITnNlRLJCBNmP.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\formhistory.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C4-8n1Kj40X3Gf7VbmMD.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\downloads.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C7-F66tJHLO6UfXDizkHFn.Infinite
- from %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite to %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\C5-9bj7TET4qxZAnJhXd.Infinite
- 'ap#.##legram.org':443
- 'ic###azip.com':80
- 'wp#d':80
- http://ic###azip.com/
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ap#.##legram.org
- DNS ASK ic###azip.com
- DNS ASK wp#d
- '<SYSTEM32>\cmd.exe' /C WMIC.exe shadowcopy delete
- '<SYSTEM32>\cmd.exe' /C vssadmin.exe delete shadows /all /Quiet