Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefenderUpdater.exe' = '%ALLUSERSPROFILE%\WindowsDefenderUpdater.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WindowsUpdateCheck' = '<Full path to file>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WindowsUpdateCheck' = '%ALLUSERSPROFILE%\WindowsDefenderUpdater.exe'
- %HOMEPATH%\start menu\programs\startup\.c4d1664ef40ce18f8d41
- <Drive name for removable media>:\.c4d1664ef40ce18f8d41
- <Drive name for removable media>:\join.avi
- <Drive name for removable media>:\split.avi
- <Drive name for removable media>:\dial.bmp
- <Drive name for removable media>:\toolbar.bmp
- windowsdefenderupdater.exe
- %ALLUSERSPROFILE%\windowsdefenderupdater.exe
- C:\documents and settings\default user\start menu\how to back your files.txt
- C:\documents and settings\default user\start menu\programs\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\how to back your files.txt
- C:\documents and settings\default user\start menu\programs\maintenance\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\maintenance\how to back your files.txt
- C:\documents and settings\default user\start menu\programs\accessories\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\accessories\how to back your files.txt
- C:\documents and settings\default user\start menu\programs\accessories\system tools\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\templates\how to back your files.txt
- C:\documents and settings\default user\start menu\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\accessories\system tools\how to back your files.txt
- C:\documents and settings\default user\sendto\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\sendto\compressed (zipped) folder.zfsendtotarget
- C:\documents and settings\default user\sendto\desktop (create shortcut).desklink
- C:\documents and settings\default user\sendto\mail recipient.mapimail
- C:\documents and settings\default user\sendto\how to back your files.txt
- C:\documents and settings\default user\saved games\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\saved games\how to back your files.txt
- C:\documents and settings\default user\recent\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\accessories\accessibility\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\accessories\accessibility\how to back your files.txt
- C:\documents and settings\default user\templates\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\videos\how to back your files.txt
- C:\documents and settings\default user\videos\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\startupcache.4.little
- %TEMP%\tmp56f5.tmp.exe
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\.c4d1664ef40ce18f8d41
- D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.c4d1664ef40ce18f8d41
- %ALLUSERSPROFILE%\ids.txt
- C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\_cache_clean_
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\doomed\.c4d1664ef40ce18f8d41
- C:\far2\.c4d1664ef40ce18f8d41
- C:\documents and settings\all users\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\ntuser.dat.log
- C:\documents and settings\default user\ntuser.dat.log1
- C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf
- C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms
- C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms
- C:\documents and settings\default user\how to back your files.txt
- C:\$recycle.bin\how to back your files.txt
- C:\documents and settings\default user\recent\how to back your files.txt
- C:\documents and settings\default user\printhood\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\printhood\how to back your files.txt
- C:\documents and settings\default user\pictures\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\cookies\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\cookies\how to back your files.txt
- C:\documents and settings\default user\application data\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\how to back your files.txt
- C:\documents and settings\default user\application data\microsoft\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\microsoft\how to back your files.txt
- C:\documents and settings\default user\application data\microsoft\internet explorer\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\microsoft\internet explorer\how to back your files.txt
- C:\documents and settings\default user\application data\microsoft\internet explorer\quick launch\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\microsoft\internet explorer\quick launch\how to back your files.txt
- C:\documents and settings\default user\application data\media center programs\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\media center programs\how to back your files.txt
- C:\documents and settings\default user\appdata\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\appdata\how to back your files.txt
- C:\documents and settings\user\ntuser.pol
- C:\documents and settings\user\local settings\thunderbird\profiles\wjj9aet2.default\cache2\how to back your files.txt
- C:\documents and settings\user\local settings\thunderbird\profiles\wjj9aet2.default\cache2\entries\.c4d1664ef40ce18f8d41
- C:\documents and settings\user\local settings\thunderbird\profiles\wjj9aet2.default\cache2\entries\how to back your files.txt
- C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\how to back your files.txt
- C:\far2\addons\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\desktop\how to back your files.txt
- C:\documents and settings\default user\downloads\how to back your files.txt
- C:\documents and settings\default user\desktop\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\downloads\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\pictures\how to back your files.txt
- C:\documents and settings\default user\nethood\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\nethood\how to back your files.txt
- C:\documents and settings\default user\my documents\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\my documents\how to back your files.txt
- C:\documents and settings\default user\my documents\my music\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\my documents\my music\how to back your files.txt
- C:\documents and settings\default user\local settings\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\how to back your files.txt
- C:\documents and settings\default user\local settings\<INETFILES>\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\<INETFILES>\how to back your files.txt
- C:\documents and settings\default user\local settings\temp\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\temp\how to back your files.txt
- C:\documents and settings\default user\local settings\microsoft\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\microsoft\how to back your files.txt
- C:\documents and settings\default user\local settings\history\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\history\how to back your files.txt
- C:\documents and settings\default user\links\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\links\how to back your files.txt
- C:\documents and settings\default user\favorites\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\favorites\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\0\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\profiles\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\telegram desktop\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\telegram desktop\how to back your files.txt
- %HOMEPATH%\start menu\programs\maintenance\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\maintenance\how to back your files.txt
- %HOMEPATH%\start menu\programs\mail.ru\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\mail.ru\how to back your files.txt
- %HOMEPATH%\start menu\programs\icq\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\icq\how to back your files.txt
- %HOMEPATH%\start menu\programs\total commander\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\total commander\how to back your files.txt
- %HOMEPATH%\start menu\programs\administrative tools\.c4d1664ef40ce18f8d41
- D:\$recycle.bin\.c4d1664ef40ce18f8d41
- D:\system volume information\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\accessories\how to back your files.txt
- %HOMEPATH%\start menu\programs\accessories\system tools\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\accessories\system tools\how to back your files.txt
- %HOMEPATH%\start menu\programs\accessories\accessibility\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\accessories\accessibility\how to back your files.txt
- %HOMEPATH%\sendto\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\administrative tools\how to back your files.txt
- %HOMEPATH%\start menu\programs\accessories\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\winrar\how to back your files.txt
- %HOMEPATH%\start menu\programs\winrar\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\how to back your files.txt
- <Current directory>\ids.txt
- z:\.c4d1664ef40ce18f8d41
- D:\.c4d1664ef40ce18f8d41
- C:\.c4d1664ef40ce18f8d41
- C:\$recycle.bin\.c4d1664ef40ce18f8d41
- C:\how to back your files.txt
- C:\users\.c4d1664ef40ce18f8d41
- C:\users\how to back your files.txt
- %HOMEPATH%\.c4d1664ef40ce18f8d41
- %ALLUSERSPROFILE%\local\.c4d1664ef40ce18f8d41
- z:\system volume information\.c4d1664ef40ce18f8d41
- %HOMEPATH%\voip\.c4d1664ef40ce18f8d41
- %HOMEPATH%\voip\how to back your files.txt
- %HOMEPATH%\videos\.c4d1664ef40ce18f8d41
- %HOMEPATH%\videos\how to back your files.txt
- %HOMEPATH%\templates\.c4d1664ef40ce18f8d41
- %HOMEPATH%\templates\how to back your files.txt
- %HOMEPATH%\start menu\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\how to back your files.txt
- %HOMEPATH%\start menu\programs\.c4d1664ef40ce18f8d41
- %HOMEPATH%\how to back your files.txt
- %HOMEPATH%\sendto\compressed (zipped) folder.zfsendtotarget
- %HOMEPATH%\sendto\desktop (create shortcut).desklink
- %HOMEPATH%\sendto\mail recipient.mapimail
- %HOMEPATH%\sendto\how to back your files.txt
- %HOMEPATH%\printhood\.c4d1664ef40ce18f8d41
- %HOMEPATH%\printhood\how to back your files.txt
- %HOMEPATH%\pictures\.c4d1664ef40ce18f8d41
- %HOMEPATH%\pictures\how to back your files.txt
- %HOMEPATH%\nethood\.c4d1664ef40ce18f8d41
- %HOMEPATH%\nethood\how to back your files.txt
- %HOMEPATH%\my documents\.c4d1664ef40ce18f8d41
- %HOMEPATH%\my documents\how to back your files.txt
- %HOMEPATH%\my documents\my music\.c4d1664ef40ce18f8d41
- %HOMEPATH%\my documents\my music\how to back your files.txt
- %HOMEPATH%\local settings\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\gdipfontcachev1.dat
- %HOMEPATH%\local settings\iconcache.db
- %HOMEPATH%\local settings\how to back your files.txt
- %HOMEPATH%\local settings\virtualstore\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\virtualstore\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\updates\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\updates\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\updates\8216c80c92c4e828\.c4d1664ef40ce18f8d41
- %HOMEPATH%\recent\automaticdestinations\how to back your files.txt
- %HOMEPATH%\recent\automaticdestinations\74d7f43c1561fc1e.automaticdestinations-ms
- %HOMEPATH%\recent\automaticdestinations\7e4dca80246863e3.automaticdestinations-ms
- %HOMEPATH%\recent\automaticdestinations\1b4dd67f29cb1962.automaticdestinations-ms
- %HOMEPATH%\searches\.c4d1664ef40ce18f8d41
- %HOMEPATH%\searches\how to back your files.txt
- %HOMEPATH%\saved games\.c4d1664ef40ce18f8d41
- %HOMEPATH%\saved games\how to back your files.txt
- %HOMEPATH%\recent\.c4d1664ef40ce18f8d41
- %HOMEPATH%\recent\how to back your files.txt
- %HOMEPATH%\recent\customdestinations\.c4d1664ef40ce18f8d41
- %HOMEPATH%\recent\customdestinations\10a2479c877ca098.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\1b4dd67f29cb1962.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\28c8b86deab549a1.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\5afe4de1b92fc382.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\5d696d521de238c3.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\74d7f43c1561fc1e.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\7e4dca80246863e3.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\9027fe24326910d2.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\969252ce11249fdd.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\bf8efb871eda5262.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\c312e260e424ae76.customdestinations-ms
- %HOMEPATH%\recent\customdestinations\how to back your files.txt
- %HOMEPATH%\recent\automaticdestinations\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\updates\8216c80c92c4e828\how to back your files.txt
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\_cache_001_
- %ALLUSERSPROFILE%\local\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\recent\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\saved games\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\sendto\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\accessories\accessibility\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\accessories\system tools\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\accessories\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\maintenance\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\programs\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\printhood\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\start menu\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\videos\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\.c4d1664ef40ce18f8d41
- C:\documents and settings\all users\.c4d1664ef40ce18f8d41
- C:\far2\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\doomed\.c4d1664ef40ce18f8d41
- C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.c4d1664ef40ce18f8d41
- D:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache2\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\templates\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\pictures\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\nethood\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\my documents\.c4d1664ef40ce18f8d41
- C:\far2\addons\.c4d1664ef40ce18f8d41
- C:\documents and settings\user\local settings\thunderbird\profiles\wjj9aet2.default\cache2\entries\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\appdata\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\media center programs\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\microsoft\internet explorer\quick launch\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\microsoft\internet explorer\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\microsoft\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\application data\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\cookies\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\desktop\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\downloads\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\favorites\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\links\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\history\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\microsoft\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\temp\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\<INETFILES>\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\local settings\.c4d1664ef40ce18f8d41
- C:\documents and settings\default user\my documents\my music\.c4d1664ef40ce18f8d41
- <Drive name for removable media>:\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\mail.ru\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\maintenance\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\startup\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\telegram desktop\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\total commander\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\winrar\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\icq\.c4d1664ef40ce18f8d41
- %HOMEPATH%\templates\.c4d1664ef40ce18f8d41
- %HOMEPATH%\voip\.c4d1664ef40ce18f8d41
- z:\system volume information\.c4d1664ef40ce18f8d41
- %HOMEPATH%\.c4d1664ef40ce18f8d41
- C:\users\.c4d1664ef40ce18f8d41
- C:\$recycle.bin\.c4d1664ef40ce18f8d41
- C:\.c4d1664ef40ce18f8d41
- D:\.c4d1664ef40ce18f8d41
- z:\.c4d1664ef40ce18f8d41
- %HOMEPATH%\videos\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\administrative tools\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\accessories\.c4d1664ef40ce18f8d41
- D:\$recycle.bin\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\updates\8216c80c92c4e828\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\updates\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\virtualstore\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\.c4d1664ef40ce18f8d41
- %HOMEPATH%\my documents\my music\.c4d1664ef40ce18f8d41
- %HOMEPATH%\my documents\.c4d1664ef40ce18f8d41
- %HOMEPATH%\nethood\.c4d1664ef40ce18f8d41
- %HOMEPATH%\pictures\.c4d1664ef40ce18f8d41
- %HOMEPATH%\printhood\.c4d1664ef40ce18f8d41
- %HOMEPATH%\recent\automaticdestinations\.c4d1664ef40ce18f8d41
- %HOMEPATH%\recent\customdestinations\.c4d1664ef40ce18f8d41
- %HOMEPATH%\recent\.c4d1664ef40ce18f8d41
- %HOMEPATH%\saved games\.c4d1664ef40ce18f8d41
- %HOMEPATH%\searches\.c4d1664ef40ce18f8d41
- %HOMEPATH%\sendto\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\accessories\accessibility\.c4d1664ef40ce18f8d41
- %HOMEPATH%\start menu\programs\accessories\system tools\.c4d1664ef40ce18f8d41
- D:\system volume information\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\.c4d1664ef40ce18f8d41
- %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\cache\0\.c4d1664ef40ce18f8d41
- from %HOMEPATH%\sendto\compressed (zipped) folder.zfsendtotarget to %HOMEPATH%\sendto\compressed (zipped) folder.zfsendtotarget.globeimposter-alpha865qqz
- from C:\documents and settings\default user\sendto\desktop (create shortcut).desklink to C:\documents and settings\default user\sendto\desktop (create shortcut).desklink.globeimposter-alpha865qqz
- from C:\documents and settings\default user\sendto\compressed (zipped) folder.zfsendtotarget to C:\documents and settings\default user\sendto\compressed (zipped) folder.zfsendtotarget.globeimposter-alpha865qqz
- from C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms to C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.globeimposter-alpha865qqz
- from C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms to C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.globeimposter-alpha865qqz
- from C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf to C:\documents and settings\default user\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.globeimposter-alpha865qqz
- from C:\documents and settings\default user\ntuser.dat.log1 to C:\documents and settings\default user\ntuser.dat.log1.globeimposter-alpha865qqz
- from C:\documents and settings\default user\ntuser.dat.log to C:\documents and settings\default user\ntuser.dat.log.globeimposter-alpha865qqz
- from %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\startupcache.4.little to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\startupcache\startupcache.4.little.globeimposter-alpha865qqz
- from %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\_cache_clean_ to %HOMEPATH%\local settings\thunderbird\profiles\wjj9aet2.default\_cache_clean_.globeimposter-alpha865qqz
- from %HOMEPATH%\local settings\iconcache.db to %HOMEPATH%\local settings\iconcache.db.globeimposter-alpha865qqz
- from %HOMEPATH%\local settings\gdipfontcachev1.dat to %HOMEPATH%\local settings\gdipfontcachev1.dat.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\automaticdestinations\7e4dca80246863e3.automaticdestinations-ms to %HOMEPATH%\recent\automaticdestinations\7e4dca80246863e3.automaticdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\automaticdestinations\74d7f43c1561fc1e.automaticdestinations-ms to %HOMEPATH%\recent\automaticdestinations\74d7f43c1561fc1e.automaticdestinations-ms.globeimposter-alpha865qqz
- from C:\documents and settings\default user\sendto\mail recipient.mapimail to C:\documents and settings\default user\sendto\mail recipient.mapimail.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\automaticdestinations\1b4dd67f29cb1962.automaticdestinations-ms to %HOMEPATH%\recent\automaticdestinations\1b4dd67f29cb1962.automaticdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\bf8efb871eda5262.customdestinations-ms to %HOMEPATH%\recent\customdestinations\bf8efb871eda5262.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\969252ce11249fdd.customdestinations-ms to %HOMEPATH%\recent\customdestinations\969252ce11249fdd.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\9027fe24326910d2.customdestinations-ms to %HOMEPATH%\recent\customdestinations\9027fe24326910d2.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\7e4dca80246863e3.customdestinations-ms to %HOMEPATH%\recent\customdestinations\7e4dca80246863e3.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\74d7f43c1561fc1e.customdestinations-ms to %HOMEPATH%\recent\customdestinations\74d7f43c1561fc1e.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\5d696d521de238c3.customdestinations-ms to %HOMEPATH%\recent\customdestinations\5d696d521de238c3.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\5afe4de1b92fc382.customdestinations-ms to %HOMEPATH%\recent\customdestinations\5afe4de1b92fc382.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms to %HOMEPATH%\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\28c8b86deab549a1.customdestinations-ms to %HOMEPATH%\recent\customdestinations\28c8b86deab549a1.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\1b4dd67f29cb1962.customdestinations-ms to %HOMEPATH%\recent\customdestinations\1b4dd67f29cb1962.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\10a2479c877ca098.customdestinations-ms to %HOMEPATH%\recent\customdestinations\10a2479c877ca098.customdestinations-ms.globeimposter-alpha865qqz
- from %HOMEPATH%\sendto\mail recipient.mapimail to %HOMEPATH%\sendto\mail recipient.mapimail.globeimposter-alpha865qqz
- from %HOMEPATH%\sendto\desktop (create shortcut).desklink to %HOMEPATH%\sendto\desktop (create shortcut).desklink.globeimposter-alpha865qqz
- from %HOMEPATH%\recent\customdestinations\c312e260e424ae76.customdestinations-ms to %HOMEPATH%\recent\customdestinations\c312e260e424ae76.customdestinations-ms.globeimposter-alpha865qqz
- from C:\documents and settings\user\ntuser.pol to C:\documents and settings\user\ntuser.pol.globeimposter-alpha865qqz
- '%ALLUSERSPROFILE%\windowsdefenderupdater.exe'
- '%TEMP%\tmp56f5.tmp.exe'
- '%WINDIR%\syswow64\cmd.exe' /c @echo off sc config browser sc config browser start=enabled vssadmin delete shadows /all /quiet sc stop vss sc config vss start=disabled sc stop MongoDB sc config MongoDB start=disabl...