Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UpdateTask' = '%APPDATA%\svchost.exe'
- Windows Task Manager (Taskmgr)
- %HOMEPATH%\desktop\000814251_video_01.avi
- %HOMEPATH%\desktop\tileimage.bmp
- %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
- %HOMEPATH%\desktop\testcertificate.cer
- %HOMEPATH%\desktop\sdszfo.docx
- %HOMEPATH%\desktop\ovp25012015.doc
- %HOMEPATH%\desktop\lisp_success.doc
- %HOMEPATH%\desktop\issi2013_template_for_posters.docx
- %HOMEPATH%\desktop\howto-index.html
- %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
- %HOMEPATH%\desktop\dialmap.bmp
- %HOMEPATH%\desktop\dashborder_120.bmp
- %HOMEPATH%\desktop\correct.avi
- %HOMEPATH%\desktop\coffee.bmp
- %HOMEPATH%\desktop\alert.html
- %HOMEPATH%\desktop\advice_process.htm
- %HOMEPATH%\desktop\tree_view.htm
- %HOMEPATH%\desktop\tree_view.html
- ClassName: 'OLLYDBG', WindowName: ''
- %TEMP%\tyson_protected.exe
- %APPDATA%\microsoft\office\recent\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\maintenance\help.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fr\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\wer\reportqueue\critical_microsoft .net f_5deabd23d637fc27acf7bfdd613025667396c824_cab_0a8d2661\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\microsoft office\decryption instructions.txt
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk.tyson
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\accessories\tablet pc\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\he\decryption instructions.txt
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\opera.lnk.tyson
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\q1e129qo\decryption instructions.txt
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk.tyson
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk.tyson
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\firefox.lnk.tyson
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\accessories\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\wer\reportqueue\noncritical_x64_528c94ccf5464e2e06249b41105333fcda5052_cab_05e13dfe\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\accessories\windows powershell\decryption instructions.txt
- %APPDATA%\microsoft\uproof\decryption instructions.txt
- %APPDATA%\microsoft\uproof\custom.dic.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\id\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hu\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\administrative tools\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\winrar\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\steam\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\startup\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hr\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\microsoft office\microsoft office 2010 tools\decryption instructions.txt
- %APPDATA%\microsoft\office\recent\templates.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\hi\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows mail\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\accessories\system tools\decryption instructions.txt
- %APPDATA%\microsoft\internet explorer\quick launch\window switcher.lnk.tyson
- %APPDATA%\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk.tyson
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\maintenance\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fil\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\private character editor.lnk.tyson
- %LOCALAPPDATA%\microsoft\windows\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\es_419\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\history\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\explorer\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\burn\burn\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\magnify.lnk.tyson
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\ease of access.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\es\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\ringtones\decryption instructions.txt
- %HOMEPATH%\music\decryption instructions.txt
- %HOMEPATH%\links\recentplaces.lnk.tyson
- %HOMEPATH%\links\downloads.lnk.tyson
- %LOCALAPPDATA%\microsoft\windows mail\backup\new\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\accessories\accessibility\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\et\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\604pwz7f\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\narrator.lnk.tyson
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\decryption instructions.txt
- %APPDATA%\microsoft\internet explorer\quick launch\shows desktop.lnk.tyson
- %APPDATA%\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\fi\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\eu\decryption instructions.txt
- %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\session storage\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\decryption instructions.txt
- %APPDATA%\microsoft\internet explorer\quick launch\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\control panel.lnk.tyson
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\computer.lnk.tyson
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\dzhkzdlo\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bg0n0zou\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\on-screen keyboard.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\it\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\games\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\java\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\en_us\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_gb\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_us\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\zh_tw\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sv\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows nt\msscan\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\zh_cn\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\nl\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ms\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\vi\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\lv\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows defender\support\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\uk\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\tr\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\lt\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\th\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ko\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows mail\stationery\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ja\decryption instructions.txt
- %APPDATA%\microsoft\windows\libraries\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\maintenance\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\windows nt\msfax\virtualinbox\en-us\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\no\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sr\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sl\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\sk\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ru\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows sidebar\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\windows media\12.0\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ro\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pt_pt\decryption instructions.txt
- C:\users\public\videos\sample videos\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pt_br\decryption instructions.txt
- C:\users\public\videos\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\pl\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk.tyson
- %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\visualelements\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\pepperflash\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\device stage\device\{8702d817-5aad-4674-9ef3-4d3decd87120}\decryption instructions.txt
- %ALLUSERSPROFILE%\mozilla\updates\d78bf5dd33499ec2\decryption instructions.txt
- %ALLUSERSPROFILE%\mozilla\updates\308046b0af4a39cb\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\device stage\device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\device stage\task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\packages\vcruntimeminimum_x86\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\default_apps\decryption instructions.txt
- %ALLUSERSPROFILE%\adobe\setup\{ac76ba86-7ad7-1033-7b44-ac0f074e4100}\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\application\decryption instructions.txt
- C:\users\public\decryption instructions.txt
- %LOCALAPPDATA%\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\installer\decryption instructions.txt
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1041\thm.wxl
- %ALLUSERSPROFILE%\package cache\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\packages\vcruntimeadditional_amd64\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extension rules\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\packages\vcruntimeminimum_amd64\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\packages\vcruntimeminimum_x86\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\packages\vcruntimeadditional_x86\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\packages\vcruntimeminimum_amd64\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{9d29fc96-9eee-4253-943f-96b3bbfdd0b6}v14.16.27024\packages\vcruntimeadditional_amd64\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\databases\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\office\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\device stage\task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-us\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\packages\vcruntimeadditional_amd64\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{6cd9e9ed-906d-4196-8dc3-f987d2f6615f}v14.29.30133\packages\vcruntimeminimum_amd64\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\network\downloader\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\device stage\task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{42667d2e-b054-46c1-9d46-2ee1332c14c1}v14.29.30133\packages\vcruntimeadditional_x86\decryption instructions.txt
- %HOMEPATH%\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\application\42.0.2311.135\extensions\decryption instructions.txt
- C:\users\decryption instructions.txt
- %APPDATA%\svchost.exe
- %TEMP%\dd_vcredist_arm64_20240928010813.log
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1028\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1036\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1031\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1031\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1029\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1029\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1028\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1040\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\logo.png
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\thm.xml
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\wixstdba.dll
- %WINDIR%\temp\{6d419022-cb8c-4325-b805-f0191a08aa33}\.cr\vc_redist.arm64.exe
- %TEMP%\vc_redist.arm64.exe
- %ALLUSERSPROFILE%\package cache\{e699e009-1c3c-4e50-9b57-2b39f0954c7f}v14.29.30133\packages\vcruntimeadditional_amd64\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\device stage\task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-us\decryption instructions.txt
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1040\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1042\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1036\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\bootstrapperapplicationdata.xml
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\3082\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\3082\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\2052\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\2052\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1055\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1055\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1049\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1049\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1046\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1046\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1045\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1045\thm.wxl
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1042\license.rtf
- %WINDIR%\temp\{69f15d3d-cc6c-4f08-9bd1-a4bdc5830c5f}\.ba\1041\license.rtf
- %ALLUSERSPROFILE%\microsoft\rac\statedata\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{ec9807de-b577-47b1-a024-0251805acf24}v14.29.30133\packages\vcruntimeminimum_x86\decryption instructions.txt
- %ALLUSERSPROFILE%\package cache\{f1b0fb3a-e0ea-47a6-9383-3650655403b0}v14.16.27024\packages\vcruntimeminimum_amd64\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ca\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\bg\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\ar\decryption instructions.txt
- %HOMEPATH%\favorites\links for united states\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\sendto\decryption instructions.txt
- %HOMEPATH%\favorites\links\decryption instructions.txt
- %HOMEPATH%\favorites\decryption instructions.txt
- %HOMEPATH%\downloads\decryption instructions.txt
- %HOMEPATH%\documents\decryption instructions.txt
- %HOMEPATH%\desktop\telegram.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk.tyson
- C:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk.tyson
- %ALLUSERSPROFILE%\microsoft\user account pictures\default pictures\decryption instructions.txt
- %TEMP%\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\cs\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\feeds cache\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\en_gb\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\da\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\windows explorer.lnk.tyson
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\el\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\internet explorer\recovery\high\active\decryption instructions.txt
- %HOMEPATH%\links\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\_locales\de\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\run.lnk.tyson
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\notepad.lnk.tyson
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\command prompt.lnk.tyson
- %ALLUSERSPROFILE%\microsoft\windows\caches\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\internet explorer\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\feeds cache\aowdc71i\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\feeds cache\9lygctr1\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\feeds cache\17h8i54k\decryption instructions.txt
- %LOCALAPPDATA%\microsoft\feeds cache\09emkjp8\decryption instructions.txt
- C:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\decryption instructions.txt
- %HOMEPATH%\searches\decryption instructions.txt
- %HOMEPATH%\desktop\google chrome.lnk.tyson
- %HOMEPATH%\saved games\decryption instructions.txt
- C:\users\default\decryption instructions.txt
- %ALLUSERSPROFILE%\sun\java\java update\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\officesoftwareprotectionplatform\decryption instructions.txt
- C:\users\public\music\decryption instructions.txt
- C:\users\public\libraries\decryption instructions.txt
- C:\users\public\downloads\decryption instructions.txt
- C:\users\public\documents\decryption instructions.txt
- C:\users\public\desktop\steam.lnk.tyson
- C:\users\public\desktop\opera.lnk.tyson
- C:\users\public\desktop\mozilla thunderbird.lnk.tyson
- C:\users\public\desktop\firefox.lnk.tyson
- C:\users\public\desktop\acrobat reader dc.lnk.tyson
- %ALLUSERSPROFILE%\package cache\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\packages\vcruntimeadditional_x86\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\search\data\applications\windows\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extension state\decryption instructions.txt
- %HOMEPATH%\pictures\decryption instructions.txt
- %HOMEPATH%\links\desktop.lnk.tyson
- %HOMEPATH%\desktop\dashborder_120.bmp.tyson
- %ALLUSERSPROFILE%\microsoft\officesoftwareprotectionplatform\cache\decryption instructions.txt
- C:\users\public\music\sample music\kalimba.mp3.tyson
- %HOMEPATH%\desktop\correct.avi.tyson
- %HOMEPATH%\desktop\coffee.bmp.tyson
- %HOMEPATH%\desktop\alert.html.tyson
- %HOMEPATH%\desktop\advice_process.htm.tyson
- %HOMEPATH%\desktop\decryption instructions.txt
- %ALLUSERSPROFILE%\microsoft\user account pictures\decryption instructions.txt
- %LOCALAPPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\startupcache\decryption instructions.txt
- %HOMEPATH%\desktop\000814251_video_01.avi.tyson
- C:\users\public\music\sample music\decryption instructions.txt
- %HOMEPATH%\contacts\user.contact.tyson
- %LOCALAPPDATA%low\microsoft\internet explorer\services\decryption instructions.txt
- %LOCALAPPDATA%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\decryption instructions.txt
- %HOMEPATH%\contacts\decryption instructions.txt
- %HOMEPATH%\videos\decryption instructions.txt
- %HOMEPATH%\desktop\dialmap.bmp.tyson
- %APPDATA%\microsoft\windows\recent\decryption instructions.txt
- C:\users\public\desktop\acrobat reader dc.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\narrator.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\magnify.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\ease of access.lnk
- %HOMEPATH%\links\recentplaces.lnk
- %HOMEPATH%\links\downloads.lnk
- %HOMEPATH%\links\desktop.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\windows explorer.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\run.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\notepad.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\command prompt.lnk
- C:\users\default\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk
- %HOMEPATH%\desktop\telegram.lnk
- C:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk
- C:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk
- %HOMEPATH%\desktop\google chrome.lnk
- %HOMEPATH%\desktop\dialmap.bmp
- %HOMEPATH%\desktop\dashborder_120.bmp
- %HOMEPATH%\desktop\correct.avi
- %HOMEPATH%\desktop\coffee.bmp
- %HOMEPATH%\desktop\alert.html
- %HOMEPATH%\desktop\advice_process.htm
- %HOMEPATH%\desktop\000814251_video_01.avi
- %HOMEPATH%\contacts\user.contact
- C:\users\public\desktop\steam.lnk
- C:\users\public\desktop\opera.lnk
- C:\users\public\desktop\mozilla thunderbird.lnk
- C:\users\public\desktop\firefox.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\on-screen keyboard.lnk
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\computer.lnk
- '%TEMP%\tyson_protected.exe'
- '%TEMP%\vc_redist.arm64.exe'
- '%WINDIR%\temp\{6d419022-cb8c-4325-b805-f0191a08aa33}\.cr\vc_redist.arm64.exe' -burn.clean.room="%TEMP%\VC_redist.arm64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
- '%APPDATA%\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
- '%WINDIR%\syswow64\cmd.exe' /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
- '%WINDIR%\syswow64\cmd.exe' /C wbadmin delete catalog -quiet
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C wbadmin delete catalog -quiet' (with hidden window)