Technical Information
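- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XO1XADpO01' = '"<Full path to file>"' (autorun entry under the current user's Run key: the referenced file is started each time that user logs on)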
- <Drive name for removable media>:\000814251_video_01.avi
- <Drive name for removable media>:\waterresourcesag.pptx
- <Drive name for removable media>:\gruenspecht_02172016.pptx
- <Drive name for removable media>:\middaugh_keynote.pptx
- <Drive name for removable media>:\stoc13_ml_quoc_le.pptx
- <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc
- <Drive name for removable media>:\fi51.doc
- <Drive name for removable media>:\weeklysheet1215.doc
- <Drive name for removable media>:\testee.cer
- <Drive name for removable media>:\sdksampleprivdeveloper.cer
- <Drive name for removable media>:\testcertificate.cer
- <Drive name for removable media>:\pmd.cer
- <Drive name for removable media>:\contosoroot.cer
- <Drive name for removable media>:\dashborder_120.bmp
- <Drive name for removable media>:\coffee.bmp
- <Drive name for removable media>:\dialmap.bmp
- <Drive name for removable media>:\toolbar.bmp
- <Drive name for removable media>:\dashborder_192.bmp
- <Drive name for removable media>:\dashborder_144.bmp
- <Drive name for removable media>:\archer.avi
- <Drive name for removable media>:\correct.avi
- <Drive name for removable media>:\restore-my-files.txt
- <Drive name for removable media>:\iso27k_isms_implementation_and_certification_process_overview_v2.pptx
- <Drive name for removable media>:\hypothyroidism_slides.pptx
- firefox.exe
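- D:\restore-my-files.txt (the same file name appears in every directory listed below; together with the shadow-copy deletion at the end of this list, that is consistent with a ransom note left per directory, although the note's contents are not shown here)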
- C:\far2\plugins\filecase\restore-my-files.txt
- C:\far2\plugins\farcmds\restore-my-files.txt
- C:\far2\plugins\emenu\restore-my-files.txt
- C:\far2\plugins\editcase\restore-my-files.txt
- C:\far2\plugins\drawline\restore-my-files.txt
- C:\far2\plugins\compare\restore-my-files.txt
- C:\far2\plugins\brackets\restore-my-files.txt
- C:\far2\plugins\autowrap\restore-my-files.txt
- C:\far2\plugins\arclite\restore-my-files.txt
- C:\far2\plugins\align\restore-my-files.txt
- C:\far2\fexcept\restore-my-files.txt
- C:\far2\encyclopedia\tap\restore-my-files.txt
- C:\far2\encyclopedia\restore-my-files.txt
- C:\far2\documentation\rus\restore-my-files.txt
- C:\far2\documentation\eng\restore-my-files.txt
- C:\far2\restore-my-files.txt
- C:\far2\addons\xlat\russian\restore-my-files.txt
- C:\far2\addons\xlat\restore-my-files.txt
- C:\far2\addons\shell\restore-my-files.txt
- C:\far2\addons\setup\restore-my-files.txt
- C:\far2\addons\macros\restore-my-files.txt
- C:\far2\addons\restore-my-files.txt
- C:\far2\addons\colors\restore-my-files.txt
- C:\far2\addons\colors\default_highlighting\restore-my-files.txt
- C:\far2\addons\colors\custom_highlighting\restore-my-files.txt
- C:\far2\plugins\ftp\restore-my-files.txt
- C:\far2\plugins\ftp\lib\restore-my-files.txt
- <Drive name for removable media>:\calculatorworksheet.xls
- <Drive name for removable media>:\productos.zip
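- '<LOCALNET>.117.254':445 (port 445 is used by SMB and port 135 by the RPC endpoint mapper; the entries in this list cover local addresses .203–.254 on port 445 and .218–.254 on port 135, which looks like a sweep of the local subnet rather than contact with a single host)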
- '<LOCALNET>.117.233':135
- '<LOCALNET>.117.234':135
- '<LOCALNET>.117.235':135
- '<LOCALNET>.117.218':135
- '<LOCALNET>.117.209':445
- '<LOCALNET>.117.210':445
- '<LOCALNET>.117.211':445
- '<LOCALNET>.117.212':445
- '<LOCALNET>.117.232':135
- '<LOCALNET>.117.213':445
- '<LOCALNET>.117.215':445
- '<LOCALNET>.117.216':445
- '<LOCALNET>.117.217':445
- '<LOCALNET>.117.218':445
- '<LOCALNET>.117.219':445
- '<LOCALNET>.117.241':135
- '<LOCALNET>.117.220':445
- '<LOCALNET>.117.221':445
- '<LOCALNET>.117.214':445
- '<LOCALNET>.117.231':135
- '<LOCALNET>.117.230':135
- '<LOCALNET>.117.229':135
- '<LOCALNET>.117.203':445
- '<LOCALNET>.117.225':135
- '<LOCALNET>.117.224':135
- '<LOCALNET>.117.223':135
- '<LOCALNET>.117.222':135
- '<LOCALNET>.117.221':135
- '<LOCALNET>.117.220':135
- '<LOCALNET>.117.204':445
- '<LOCALNET>.117.219':135
- '<LOCALNET>.117.205':445
- '<LOCALNET>.117.237':135
- '<LOCALNET>.117.240':135
- '<LOCALNET>.117.239':135
- '<LOCALNET>.117.238':135
- '<LOCALNET>.117.206':445
- '<LOCALNET>.117.207':445
- '<LOCALNET>.117.208':445
- '<LOCALNET>.117.236':135
- '<LOCALNET>.117.228':135
- '<LOCALNET>.117.222':445
- '<LOCALNET>.117.226':135
- '<LOCALNET>.117.223':445
- '<LOCALNET>.117.225':445
- '<LOCALNET>.117.245':135
- '<LOCALNET>.117.244':135
- '<LOCALNET>.117.252':135
- '<LOCALNET>.117.241':445
- '<LOCALNET>.117.242':445
- '<LOCALNET>.117.253':135
- '<LOCALNET>.117.246':445
- '<LOCALNET>.117.247':445
- '<LOCALNET>.117.251':135
- '<LOCALNET>.117.248':445
- '<LOCALNET>.117.250':445
- '<LOCALNET>.117.251':445
- '<LOCALNET>.117.243':445
- '<LOCALNET>.117.252':445
- '<LOCALNET>.117.244':445
- '<LOCALNET>.117.245':445
- '<LOCALNET>.117.254':135
- '<LOCALNET>.117.253':445
- '<LOCALNET>.117.249':445
- '<LOCALNET>.117.243':135
- '<LOCALNET>.117.250':135
- '<LOCALNET>.117.249':135
- '<LOCALNET>.117.242':135
- '<LOCALNET>.117.226':445
- '<LOCALNET>.117.227':445
- '<LOCALNET>.117.228':445
- '<LOCALNET>.117.229':445
- '<LOCALNET>.117.230':445
- '<LOCALNET>.117.231':445
- '<LOCALNET>.117.232':445
- '<LOCALNET>.117.233':445
- '<LOCALNET>.117.234':445
- '<LOCALNET>.117.235':445
- '<LOCALNET>.117.236':445
- '<LOCALNET>.117.237':445
- '<LOCALNET>.117.238':445
- '<LOCALNET>.117.239':445
- '<LOCALNET>.117.240':445
- '<LOCALNET>.117.247':135
- '<LOCALNET>.117.246':135
- '<LOCALNET>.117.248':135
- '<LOCALNET>.117.224':445
- '<LOCALNET>.117.227':135
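- '<SYSTEM32>\cmd.exe' /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog ...' (with hidden window)
  (This command chain deletes Volume Shadow Copies with vssadmin and wmic, turns off Windows boot recovery with bcdedit, and deletes the Windows Backup catalog with wbadmin; the listing is truncated at "...". The behaviour corresponds to MITRE ATT&CK T1490, Inhibit System Recovery, and process-creation logging for these four utilities with these arguments is a practical detection point.)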
- '<SYSTEM32>\cmd.exe' /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog ...