Technical Information
- <Drive name for removable media>:\delete.avi
- iexplore.exe
- %APPDATA%\ecdh_pub_k.bin
- %LOCALAPPDATA%\microsoft\windows mail\backup\decr.txt
- %LOCALAPPDATA%\microsoft\windows mail\backup\new\decr.txt
- %LOCALAPPDATA%\microsoft\office\decr.txt
- %LOCALAPPDATA%\microsoft\office\groove\decr.txt
- %LOCALAPPDATA%\microsoft\office\groove\user\decr.txt
- %LOCALAPPDATA%\microsoft\office\groove\system\decr.txt
- %LOCALAPPDATA%\microsoft\media player\decr.txt
- %LOCALAPPDATA%\microsoft\media player\sync playlists\decr.txt
- %LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\decr.txt
- %LOCALAPPDATA%\microsoft\media player\sync playlists\en-us\0000b025\decr.txt
- %LOCALAPPDATA%\microsoft\feeds cache\decr.txt
- %LOCALAPPDATA%\microsoft\feeds cache\xwtafhng\decr.txt
- %LOCALAPPDATA%\microsoft\feeds cache\bbs9hw0e\decr.txt
- %LOCALAPPDATA%\microsoft\feeds cache\6fwa5ftw\decr.txt
- %LOCALAPPDATA%\microsoft\feeds cache\15ivkcr3\decr.txt
- %LOCALAPPDATA%\microsoft\feeds\decr.txt
- %LOCALAPPDATA%\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\decr.txt
- %LOCALAPPDATA%\microsoft\windows mail\stationery\decr.txt
- %LOCALAPPDATA%\microsoft\windows media\12.0\decr.txt
- %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\safebrowsing\google4\decr.txt
- %LOCALAPPDATA%\microsoft\windows media\decr.txt
- %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\cache2\decr.txt
- %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\cache2\entries\decr.txt
- %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\cache2\doomed\decr.txt
- %TEMP%\decr.txt
- %TEMP%\wpdnse\decr.txt
- %TEMP%\opera installer\decr.txt
- %TEMP%\microsoft visual c++ 2010 x86 redistributable setup_10.0.30319\decr.txt
- %TEMP%\microsoft visual c++ 2010 x64 redistributable setup_10.0.30319\decr.txt
- %TEMP%\microsoft .net framework 4 setup_4.0.30319\decr.txt
- %TEMP%\low\decr.txt
- %TEMP%\hsperfdata_user\decr.txt
- %LOCALAPPDATA%\programs\decr.txt
- %LOCALAPPDATA%\programs\common\decr.txt
- %LOCALAPPDATA%\microsoft help\decr.txt
- %LOCALAPPDATA%\microsoft\decr.txt
- %LOCALAPPDATA%\microsoft\windows sidebar\decr.txt
- %LOCALAPPDATA%\microsoft\windows sidebar\gadgets\decr.txt
- %LOCALAPPDATA%\microsoft\feeds\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\webslices~\decr.txt
- %LOCALAPPDATA%\microsoft\windows mail\decr.txt
- %LOCALAPPDATA%\microsoft\feeds\microsoft feeds~\decr.txt
- C:\users\default\links\decr.txt
- C:\users\default\downloads\decr.txt
- C:\users\default\documents\decr.txt
- C:\users\default\desktop\decr.txt
- C:\users\default\appdata\decr.txt
- C:\users\default\appdata\roaming\decr.txt
- C:\users\default\appdata\roaming\microsoft\decr.txt
- C:\users\default\appdata\roaming\media center programs\decr.txt
- C:\users\default\appdata\local\decr.txt
- C:\users\default\appdata\local\temp\decr.txt
- C:\users\default\appdata\local\microsoft\decr.txt
- C:\recovery\decr.txt
- C:\recovery\4cc8e8a4-51d2-11ee-b826-9a90d4dcffb5\decr.txt
- C:\perflogs\decr.txt
- C:\perflogs\admin\decr.txt
- C:\msocache\decr.txt
- C:\kms\decr.txt
- D:\decr.txt
- C:\users\default\favorites\decr.txt
- C:\users\default\music\decr.txt
- %LOCALAPPDATA%\microsoft\credentials\decr.txt
- C:\users\default\pictures\decr.txt
- C:\users\public\decr.txt
- C:\users\public\videos\decr.txt
- C:\users\public\videos\sample videos\decr.txt
- C:\users\public\recorded tv\decr.txt
- C:\users\public\recorded tv\sample media\decr.txt
- C:\users\public\pictures\decr.txt
- C:\users\public\pictures\sample pictures\decr.txt
- C:\users\public\music\decr.txt
- C:\users\public\music\sample music\decr.txt
- C:\users\public\libraries\decr.txt
- C:\users\public\favorites\decr.txt
- C:\users\public\downloads\decr.txt
- C:\users\public\documents\decr.txt
- C:\users\public\desktop\decr.txt
- C:\users\default\decr.txt
- C:\users\default\videos\decr.txt
- C:\users\default\saved games\decr.txt
- %LOCALAPPDATA%\microsoft\feeds\feeds for united states~\decr.txt
- %LOCALAPPDATA%\thunderbird\profiles\chdgbv82.default-release\safebrowsing\decr.txt
- from %TEMP%\adobearm.log to %TEMP%\adobearm.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172247_002_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20230912172247_002_vcruntimeadditional_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172315.log to %TEMP%\dd_vcredist_amd64_20230912172315.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171710.log to %TEMP%\dd_vcredist_x86_20230912171710.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171710_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912171710_0_vcruntimeminimum_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171710_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912171710_1_vcruntimeadditional_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171759.log to %TEMP%\dd_vcredist_x86_20230912171759.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171759_0_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912171759_0_vcruntimeminimum_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171759_1_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912171759_1_vcruntimeadditional_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171936.log to %TEMP%\dd_vcredist_x86_20230912171936.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171936_000_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912171936_000_vcruntimeminimum_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912171936_001_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912171936_001_vcruntimeadditional_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172157.log to %TEMP%\dd_vcredist_x86_20230912172157.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172157_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912172157_001_vcruntimeminimum_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172157_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912172157_002_vcruntimeadditional_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172224.log to %TEMP%\dd_vcredist_x86_20230912172224.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172322.log to %TEMP%\dd_vcredist_x86_20230912172322.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172322_001_vcruntimeminimum_x86.log to %TEMP%\dd_vcredist_x86_20230912172322_001_vcruntimeminimum_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172322_002_vcruntimeadditional_x86.log to %TEMP%\dd_vcredist_x86_20230912172322_002_vcruntimeadditional_x86.log.__nist_k571__
- from %TEMP%\dd_vcredist_x86_20230912172350.log to %TEMP%\dd_vcredist_x86_20230912172350.log.__nist_k571__
- from %TEMP%\dd_wcf_ca_smci_20230913_002944_977.txt to %TEMP%\dd_wcf_ca_smci_20230913_002944_977.txt.__nist_k571__
- from %TEMP%\dd_wcf_ca_smci_20230913_002946_802.txt to %TEMP%\dd_wcf_ca_smci_20230913_002946_802.txt.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172247_001_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20230912172247_001_vcruntimeminimum_x64.log.__nist_k571__
- from %TEMP%\opera installer\opera_installer_20230912173243.log to %TEMP%\opera installer\opera_installer_20230912173243.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172247.log to %TEMP%\dd_vcredist_amd64_20230912172247.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172034_002_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20230912172034_002_vcruntimeadditional_x64.log.__nist_k571__
- from %TEMP%\adobesfx.log to %TEMP%\adobesfx.log.__nist_k571__
- from %TEMP%\armui.ini to %TEMP%\armui.ini.__nist_k571__
- from %TEMP%\aspnetsetup_00000.log to %TEMP%\aspnetsetup_00000.log.__nist_k571__
- from %TEMP%\aspnetsetup_00001.log to %TEMP%\aspnetsetup_00001.log.__nist_k571__
- from %TEMP%\chrome_installer.log to %TEMP%\chrome_installer.log.__nist_k571__
- from %TEMP%\dd_dotnetfx40_full_x86_x64_decompression_log.txt to %TEMP%\dd_dotnetfx40_full_x86_x64_decompression_log.txt.__nist_k571__
- from %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt to %TEMP%\dd_ndp48-x86-x64-allos-enu_decompression_log.txt.__nist_k571__
- from %TEMP%\dd_setuputility.txt to %TEMP%\dd_setuputility.txt.__nist_k571__
- from %TEMP%\dd_vcredistmsi12db.txt to %TEMP%\dd_vcredistmsi12db.txt.__nist_k571__
- from %TEMP%\dd_vcredistui12db.txt to %TEMP%\dd_vcredistui12db.txt.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171641.log to %TEMP%\dd_vcredist_amd64_20230912171641.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171641_0_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20230912171641_0_vcruntimeminimum_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171641_1_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20230912171641_1_vcruntimeadditional_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171735.log to %TEMP%\dd_vcredist_amd64_20230912171735.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171735_0_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20230912171735_0_vcruntimeminimum_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171735_1_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20230912171735_1_vcruntimeadditional_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171824.log to %TEMP%\dd_vcredist_amd64_20230912171824.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171824_000_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20230912171824_000_vcruntimeminimum_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912171824_001_vcruntimeadditional_x64.log to %TEMP%\dd_vcredist_amd64_20230912171824_001_vcruntimeadditional_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172034.log to %TEMP%\dd_vcredist_amd64_20230912172034.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172034_001_vcruntimeminimum_x64.log to %TEMP%\dd_vcredist_amd64_20230912172034_001_vcruntimeminimum_x64.log.__nist_k571__
- from %TEMP%\dd_vcredist_amd64_20230912172134.log to %TEMP%\dd_vcredist_amd64_20230912172134.log.__nist_k571__
- from %TEMP%\opera installer\opera_installer_20230912173246.log to %TEMP%\opera installer\opera_installer_20230912173246.log.__nist_k571__