Technical Information
- <Drive name for removable media>:\pluto_296jnx6-decrypt.txt
- <Drive name for removable media>:\correct.avi
- <Drive name for removable media>:\default.bmp
- <Drive name for removable media>:\tileimage.bmp
- <Drive name for removable media>:\dial.bmp
- <Drive name for removable media>:\dashborder_96.bmp
- <Drive name for removable media>:\contosoroot_1.cer
- <Drive name for removable media>:\sdksampleunprivdeveloper.cer
- <Drive name for removable media>:\testee.cer
- <Drive name for removable media>:\sdksampleprivdeveloper.cer
- <Drive name for removable media>:\508softwareandos.doc
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\0433e70ca73f50d19c8146e911b405ad_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\b08e707ffa00f4471d53889cd151c905_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK my####rnalip.com
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\cmd.exe' /c vSSAdmiN dELeTe ShaDowS /AlL /qUieT' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c vSSAdmiN dELeTe ShaDowS /AlL /qUieT
- '<SYSTEM32>\vssvc.exe'