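Technical Information
The entries below are the sample's recorded behaviour, in this order: file-system paths, network endpoints written as 'host':port, DNS queries, and executed command lines. The section labels of the original report are missing from this listing, so a path that appears more than once presumably belongs to different operations (for example, created and later deleted); the list itself does not confirm this. Characters shown as # in the host names and the IP address appear to be masked by the report's publisher, so those values cannot serve as exact-match indicators. The staging directory %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\ and the netsh wlan command lines are given in full, although the directory name may be specific to this run.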
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %HOMEPATH%\desktop\dashborder_96.bmp
- %HOMEPATH%\desktop\iisstart.html
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %HOMEPATH%\desktop\ituneshelpunavailable.html
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %APPDATA%\opera software\opera stable\login data
- %TEMP%\places.raw
- %TEMP%\tmp9a5.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\pictures.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\videos.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\startup.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\downloads.txt
- %TEMP%\tmpd7d.tmp.dat
- %TEMP%\tmpd8e.tmp.dat
- %TEMP%\tmpd9f.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\google\cookies.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\process.txt
- %TEMP%\tmpa32.tmp.dat
- %TEMP%\tmpdce.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\downloads\desktop.ini
- %TEMP%\tmp219e.tmp.dat
- %TEMP%\tmp3242.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\temp.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\drive-f.txt
- %TEMP%\tmp336c.tmp.dat
- %TEMP%\tmp33ab.tmp.dat
- %TEMP%\tmp33ac.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\windows.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\opera\cookies.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\opera\history.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\opera\bookmarks.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\desktop.jpg
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\scanningnetworks.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\desktop.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\documents.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\ituneshelpunavailable.html
- %TEMP%\tmp782.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\iisstart.html
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\3ccd5499-87a8-4b10-a215-608888dd3b55.vsch
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\2f1a6504-0641-44cf-8bb5-3612d865f2e5.vsch
- %LOCALAPPDATA%\microsoft\vault\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\policy.vpol
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\messenger\telegram\d877f783d5d3ef8c\map0
- %TEMP%\tmpfec8.tmp.dat
- %TEMP%\tmpfef8.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\firefox\bookmarks.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\firefox\cookies.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\firefox\history.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\productkey.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\messenger\telegram\settings0
- %TEMP%\tmp159.tmp.dat
- %LOCALAPPDATA%\178bf1bf000406f1-user.zip
- %TEMP%\tmp31e4.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\documents\desktop.ini
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\toolbar.bmp
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\dashborder_96.bmp
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\tree_view.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\about.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\browse.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\arrow-down.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\breakpoint.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\cleanlyrics.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\block.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\dashborder_96.bmp
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\messenger\telegram\usertag
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\desktop.ini
- %ALLUSERSPROFILE%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\policy.vpol
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\pictures\desktop.ini
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\msgid.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\msgid.dat
- %TEMP%\tmpfec8.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\videos.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\dashborder_96.bmp
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\desktop.ini
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\iisstart.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\desktop\ituneshelpunavailable.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\documents\desktop.ini
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\downloads\desktop.ini
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-c\users\user\pictures\desktop.ini
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\about.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\arrow-down.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\startup.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\temp.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\block.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\cleanlyrics.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\dashborder_96.bmp
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\toolbar.bmp
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\tree_view.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\messenger\telegram\d877f783d5d3ef8c\map0
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\messenger\telegram\settings0
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\messenger\telegram\usertag
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\desktop.jpg
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\process.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\productkey.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\breakpoint.png
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\grabber\drive-f\browse.html
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\pictures.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\drive-f.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\downloads.txt
- %TEMP%\tmp159.tmp.dat
- %TEMP%\tmp782.tmp.dat
- %TEMP%\places.raw
- %TEMP%\tmp9a5.tmp.dat
- %TEMP%\tmpd7d.tmp.dat
- %TEMP%\tmpd8e.tmp.dat
- %TEMP%\tmpd9f.tmp.dat
- %TEMP%\tmpa32.tmp.dat
- %TEMP%\tmpdce.tmp.dat
- %TEMP%\tmp219e.tmp.dat
- %TEMP%\tmp31e4.tmp.dat
- %TEMP%\tmpfef8.tmp.dat
- %TEMP%\tmp3242.tmp.dat
- %TEMP%\tmp33ab.tmp.dat
- %TEMP%\tmp33ac.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\firefox\bookmarks.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\firefox\cookies.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\firefox\history.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\google\cookies.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\opera\bookmarks.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\opera\cookies.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\browsers\opera\history.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\desktop.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\directories\documents.txt
- %TEMP%\tmp336c.tmp.dat
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\scanningnetworks.txt
- %LOCALAPPDATA%\fd59146692c59f25dd76d48e9c9b3335\user@oxkxjbs_en-us\system\windows.txt
- %TEMP%\places.raw
- 'ic###azip.com':80
- 'ap#.##lnikov.org':443
- 'ap#.##legram.org':443
- '10#.#48.201.153':6606
- 'microsoft.com':80
- 'ap#.##lnikov.org':443
- 'ap#.##legram.org':443
- '10#.#48.201.153':6606
- DNS ASK ic###azip.com
- DNS ASK ap#.##lnikov.org
- DNS ASK ap#.##legram.org
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\cmd.exe' /C chcp 65001 && netsh wlan show profile | findstr All
- '%WINDIR%\syswow64\chcp.com' 65001
- '%WINDIR%\syswow64\netsh.exe' wlan show profile
- '%WINDIR%\syswow64\findstr.exe' All
- '%WINDIR%\syswow64\cmd.exe' /C chcp 65001 && netsh wlan show networks mode=bssid
- '%WINDIR%\syswow64\netsh.exe' wlan show networks mode=bssid