decrypted_strings.txt
83 lines (82 loc) · 1.77 KB
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLinkedConnections
Software\Microsoft\Windows\CurrentVersion\Run
EnableLUA
ConsentPromptBehaviorAdmin
SYSTEMDRIVE
PROGRAMFILES(x86)
USERPROFILE
ProgramData
Program Files
ALLUSERSPROFILE
AppData
PUBLIC
TMP
Tor Browser
Windows
\Windows
\Program Files
\Users\All Users
\AppData
\Microsoft
wmic.exe SHADOWCOPY /nointeractive
wbadmin DELETE SYSTEMSTATEBACKUP
wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest
bcdedit.exe /set {default} recoveryenabled No
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
vssadmin.exe Delete Shadows /All /Quiet
Elevation:Administrator!new:
{3E5FC7F9-9A51-4367-9063-A120244FBEC7}
{6EDD6D74-C007-4E75-B76A-E5740995E24C}
powershell.exe
-readme.html
bckgrd.bmp
All your files has been encrypted
Instruction
HOMEDRIVE
HOMEPATH
Control Panel\Desktop
WallPaper
WallpaperStyle
{{id}}
update
{ACFC17C7-C5E2-4989-BF03-2ECE0B76CEC2}
\Program Files\Microsoft\Exchange Server
\Program Files (x86)\Microsoft\Exchange Server
\Program Files\Microsoft SQL Server
\Program Files (x86)\Microsoft SQL Server
WinInet
HTTP/1.1
GET
api.myip.com
http://
https://
VMware
VBOX
HARDWARE\DESCRIPTION\System\BIOS
SystemManufacturer
HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0
Identifier
SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
HARDWARE\DESCRIPTION\System
SystemBiosVersion
HARDWARE\DEVICEMAP\Scsi\Scsi Port0\Scsi Bus 0\Target Id 0\Logical Unit Id 0
SYSTEM\CurrentControlSet\Enum\SCSI\Disk&Ven_VBOX&Prod_HARDDISK
ROOT\CIMV2
WQL
SELECT * FROM Win32_PerfFormattedData_PerfProc_Process
Name
IDProcess
PercentProcessorTime
svchost
csrss
services
lsass
winlogon
spoolsv
explorer
RuntimeBroker
System
powershell
wscript