Technical Information
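Registry values (the Run values start the listed executable at user logon; both pairs use the same value name 'Alcmeter' but different, apparently random, executable and class key names, so match on the value name and a %TEMP% target rather than on an exact file name):
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Alcmeter' = '%TEMP%\VuWi0c84398073V.exe'
- [<HKLM>\Software\Classes\TSILUPFHMPTTBYZ\shell\open\command] '' = '%TEMP%\VuWi0c84398073V.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Alcmeter' = '%TEMP%\Z1KwmCp01uc28dX.exe'
- [<HKLM>\Software\Classes\MCZFRYVRFNKZMMH\shell\open\command] '' = '%TEMP%\Z1KwmCp01uc28dX.exe'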
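File paths on removable media (the heading for this group is missing from the page; the first name suggests a ransom note, which the listing itself does not confirm):
- <Drive name for removable media>:\how to decrypt files.txt
- <Drive name for removable media>:\000814251_video_01.avi
- <Drive name for removable media>:\correct.avi
- <Drive name for removable media>:\join.avi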
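File paths on the local system (the two %TEMP% entries are the same executables named in the registry values, shown here in lower case; Windows paths are case-insensitive):
- %APPDATA%\ggg\satan.exe
- %APPDATA%\ggg\satan2.exe
- %TEMP%\vuwi0c84398073v.exe
- %TEMP%\z1kwmcp01uc28dx.exe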
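Quoted entries (these repeat the two %APPDATA% paths; the heading that distinguished this group is missing from the page, so whether it lists files executed, modified or something else cannot be determined from here):
- '%APPDATA%\ggg\satan.exe'
- '%APPDATA%\ggg\satan2.exe'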