FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.Encoder.33680

Added to the Dr.Web virus database: 2021-03-24

Virus description added:

Technical Information

Malicious functions
To complicate detection of its presence in the operating system,
deletes volume shadow copies.
Modifies file system
Creates the following files
  • %TEMP%\2442.tmp\2443.tmp\2444.bat
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_english.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_danish.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_czech.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_bulgarian.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\skins\skins_readme.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_thai.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_russian.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_polish.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_korean.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_italian.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_greek.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_french.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_german.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_greek.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_english_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_english_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_dutch_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_dutch_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_danish_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_danish_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_brazilian_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_brazilian_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\fonts\license_cjk.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_thai.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_russian.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_polish.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_korean.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_italian.txt.aes
  • %ProgramFiles(x86)%\steam\steam\cached\steamui_postlogon_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_finnish_default.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_german.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_french.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_bulgarian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_thai.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_russian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_polish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_korean.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_italian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_greek.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_german.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_french.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_english.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_czech.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_danish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_english.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_danish.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_czech.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_bulgarian.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_thai.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_russian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_polish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_korean.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_italian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_greek.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_german.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_french.txt.aes
  • %ProgramFiles(x86)%\steam\resource\vgui_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\servers\serverbrowser_english.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_spanish.txt.aes
  • %WINDIR%\ehome\en-us\playready_eula_oem.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_french_dualtouch.txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@246059135.log.optimizely[1].txt.aes
  • %APPDATA%\mail.ru\agent\mra\smiles\skin.txt.aes
  • %APPDATA%\icqm\icq\smiles\skin.txt.aes
  • %TEMP%\webinstaller\qnzuposrqouvfisa\data.txt.aes
  • %TEMP%\microsoft .net framework 4.7.1 setup_20200610_200621826-msi_netfx_full_x64.msi.txt.aes
  • %TEMP%\microsoft .net framework 4.5.2 setup_20151216_212237215-msi_netfx_full_gdr_x64.msi.txt.aes
  • %TEMP%\fxsapidebuglogfile.txt.aes
  • %TEMP%\dd_wcf_ca_smci_20200611_031101_060.txt.aes
  • %TEMP%\dd_wcf_ca_smci_20200611_031056_919.txt.aes
  • %TEMP%\dd_wcf_ca_smci_20151217_052908_497.txt.aes
  • %TEMP%\dd_wcf_ca_smci_20151217_052858_840.txt.aes
  • %TEMP%\dd_setuputility.txt.aes
  • %TEMP%\dd_ndp471-kb4033342-x86-x64-allos-enu_decompression_log.txt.aes
  • %TEMP%\dd_ndp452-kb2901907-x86-x64-allos-enu_decompression_log.txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\f[3].txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\f[2].txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\f[1].txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\re1n75kr\c4-5ab719-91cdfbc1[1].txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\bzjx5bke\connect[1].txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\f[2].txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\f[1].txt.aes
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.ie5\0u8lpyu9\connect[1].txt.aes
  • %LOCALAPPDATA%\microsoft\internet explorer\brndlog.txt.aes
  • %LOCALAPPDATA%\google\chrome\user data\chrome_shutdown_ms.txt.aes
  • C:\totalcmd\size!.txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@adnxs[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@adobe[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@adobe[3].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@bing[1].txt.aes
  • %WINDIR%\ehome\en-us\playready_eula.txt.aes
  • %WINDIR%\ehome\en-us\epgtos.txt.aes
  • %WINDIR%\ocsetup_cbs_uninstall_searchengine-client-package.txt.aes
  • %WINDIR%\ntbtlog.txt.aes
  • %APPDATA%\telegram desktop\log.txt.aes
  • %APPDATA%\opera software\opera stable\opera_shutdown_ms.txt.aes
  • %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\sitesecurityservicestate.txt.aes
  • %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\revocations.txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@yandex[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@yandex[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@www.msn[3].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@www.msn[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@sportiv[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@www.bing[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@scorecardresearch[3].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@scorecardresearch[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@onlinestores.metaservices.microsoft[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@msn[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@msn[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@mozilla[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@demdex[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@c.msn[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@c.msn[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@c.bing[2].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@c.bing[1].txt.aes
  • %APPDATA%\microsoft\windows\cookies\user@bing[2].txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_french_default.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_danish.txt.aes
  • C:\totalcmd\history.txt.aes
  • %ALLUSERSPROFILE%\microsoft\windows\wer\reportqueue\appcrash_autokms.exe_efd62e343880604c4145a2e4462f8c532327bc70_cab_0841821b\wer5c82.tmp.appcompat.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_danish.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_czech.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_bulgarian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_ukrainian_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_turkish_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_swedish_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_swedish_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_spanish_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_spanish_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_russian_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_russian_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_romanian_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_portuguese_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_portuguese_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_polish_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_polish_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_norwegian_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_norwegian_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_italian_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_italian_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_hungarian_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_german_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_german_default.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_english.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_french.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_german.txt.aes
  • %ProgramFiles(x86)%\windows nt\tabletextservice\tabletextservicesimplifiedzhengma.txt.aes
  • %ProgramFiles(x86)%\windows nt\tabletextservice\tabletextservicesimplifiedshuangpin.txt.aes
  • %ProgramFiles(x86)%\windows nt\tabletextservice\tabletextservicesimplifiedquanpin.txt.aes
  • %ProgramFiles(x86)%\windows nt\tabletextservice\tabletextservicedayi.txt.aes
  • %ProgramFiles(x86)%\windows nt\tabletextservice\tabletextservicearray.txt.aes
  • %ProgramFiles(x86)%\windows nt\tabletextservice\tabletextserviceamharic.txt.aes
  • %ProgramFiles(x86)%\winamp\plugins\freeform\xml\about\barcodefont.txt.aes
  • %ProgramFiles(x86)%\winamp\whatsnew.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_thai.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\keyboards\layout_finnish_dualtouch.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_russian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_polish.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_korean.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_italian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\tenfoot\resource\localization\tenfoot_greek.txt.aes
  • %ProgramFiles(x86)%\windows nt\tabletextservice\tabletextserviceyi.txt.aes
  • C:\totalcmd\keyboard.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_czech.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_bulgarian.txt.aes
  • %CommonProgramFiles(x86)%\microsoft shared\office10\ctryinfo.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_us\excluded.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_us\added.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_gb\excluded.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_gb\added.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_ca\excluded.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\supplementaldictionaries\en_ca\added.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_us\readme_en_us.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\wordnet_license.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\readme_en_gb.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\readme.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\license.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\changelog.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_gb\affdescription.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_ca\readme_th_en_ca_v2.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\dictionaries\en_ca\readme_en_ca.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\abbreviations\en_us\list.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\abbreviations\en_gb\list.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\plugins2\adobehunspellplugin\abbreviations\en_ca\list.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\providers\adobe\products.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_us_posix.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_us.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_gb_euro.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_gb.txt.aes
  • %CommonProgramFiles(x86)%\adobe\reader\dc\linguistics\languagenames2\displaylanguagenames.en_ca.txt.aes
  • %ProgramFiles(x86)%\k-lite codec pack\icaros\ffmpeg license.txt.aes
  • %ProgramFiles(x86)%\k-lite codec pack\icaros\icaros license.txt.aes
  • %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\license.txt.aes
  • %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\redist.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_russian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_polish.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_korean.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_italian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_greek.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_french.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_german.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_english.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_danish.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_czech.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_bulgarian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_brazilian.txt.aes
  • %ProgramFiles(x86)%\qip 2012\smilies\qip smilies\copyright.txt.aes
  • %ProgramFiles(x86)%\qip 2012\smilies\qip smilies\copyright(eng).txt.aes
  • %ProgramFiles(x86)%\opera\29.0.1795.47\resources\license.txt.aes
  • %ProgramFiles(x86)%\mirc\versions.txt.aes
  • %ProgramFiles(x86)%\mirc\readme.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_spanish.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1258.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1257.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1254.txt.aes
  • %ProgramFiles%\java\jre1.8.0_45\thirdpartylicensereadme-javafx.txt.aes
  • %ProgramFiles%\java\jre1.8.0_45\readme.txt.aes
  • %ProgramFiles%\firefox\readme.txt.aes
  • %CommonProgramFiles%\microsoft shared\smart tag\metconv.txt.aes
  • C:\far2\plugins\ftp\notes_rus.txt.aes
  • C:\far2\plugins\ftp\notes.txt.aes
  • C:\far2\plugins\ftp\ftpcmds_rus.txt.aes
  • C:\far2\plugins\ftp\ftpcmds.txt.aes
  • C:\far2\documentation\rus\techinfo.txt.aes
  • C:\far2\documentation\rus\plugins_review.txt.aes
  • C:\far2\documentation\rus\plugins_install.txt.aes
  • C:\far2\documentation\rus\far_faq.txt.aes
  • C:\far2\documentation\rus\bug_report.txt.aes
  • C:\far2\documentation\rus\arc_support.txt.aes
  • C:\far2\documentation\eng\techinfo.txt.aes
  • C:\far2\documentation\eng\plugins_review.txt.aes
  • C:\far2\documentation\eng\plugins_install.txt.aes
  • C:\far2\documentation\eng\far_faq.txt.aes
  • C:\far2\documentation\eng\bug_report.txt.aes
  • C:\far2\documentation\eng\arc_support.txt.aes
  • C:\far2\addons\readme.txt.aes
  • %APPDATA%\inf.bmp
  • %WINDIR%\logs\windowsbackup\wbadmin.0.etl
  • %TEMP%\2442.tmp\aescrypt.exe
  • %TEMP%\2442.tmp\photo.bmp
  • %ProgramFiles%\java\jre1.8.0_45\thirdpartylicensereadme.txt.aes
  • %ProgramFiles%\java\jre1.8.0_45\bin\server\xusage.txt.aes
  • %ProgramFiles%\java\jre1.8.0_45\lib\jvm.hprof.txt.aes
  • %ProgramFiles%\windows nt\tabletextservice\tabletextserviceamharic.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1252.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1251.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1250.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\ukraine.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\turkish.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\symbol.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\romanian.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\roman.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\iceland.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\greek.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\cyrillic.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\croatian.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\centeuro.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\mac\corpchar.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\adobe\zdingbat.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\adobe\symbol.txt.aes
  • %ProgramFiles%\winrar\whatsnew.txt.aes
  • %ProgramFiles%\winrar\readme.txt.aes
  • %ProgramFiles%\winrar\rar.txt.aes
  • %ProgramFiles%\winrar\license.txt.aes
  • %ProgramFiles%\windows nt\tabletextservice\tabletextserviceyi.txt.aes
  • %ProgramFiles%\windows nt\tabletextservice\tabletextservicesimplifiedzhengma.txt.aes
  • %ProgramFiles%\windows nt\tabletextservice\tabletextservicesimplifiedshuangpin.txt.aes
  • %ProgramFiles%\windows nt\tabletextservice\tabletextservicesimplifiedquanpin.txt.aes
  • %ProgramFiles%\windows nt\tabletextservice\tabletextservicedayi.txt.aes
  • %ProgramFiles%\windows nt\tabletextservice\tabletextservicearray.txt.aes
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\resource\typesupport\unicode\mappings\win\cp1253.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_thai.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_thai.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_russian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_postlogon_greek.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_polish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_korean.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_italian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_greek.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_german.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_french.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_english.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_danish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_czech.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\public\url_list.txt.aes
  • %ProgramFiles(x86)%\steam\remoteui\static\libs\license.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_thai.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_russian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_polish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_korean.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_italian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_greek.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_german.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_french.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_english.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_danish.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_czech.txt.aes
  • %ProgramFiles(x86)%\steam\resource\overlay_bulgarian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\resource\platform_bulgarian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamui_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_russian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_polish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_koreana.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_korean.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_italian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_hungarian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_greek.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_german.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_french.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_english.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_danish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_czech.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\logs\content_log.txt.aes
  • %ProgramFiles(x86)%\steam\logs\connection_log.txt.aes
  • %ProgramFiles(x86)%\steam\logs\configstore_log.txt.aes
  • %ProgramFiles(x86)%\steam\logs\bootstrap_log.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_thai.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_tchinese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_spanish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_schinese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_russian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_romanian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_portuguese.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_polish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_norwegian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_korean.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_japanese.txt.aes
  • %ProgramFiles(x86)%\steam\friends\trackerui_swedish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_italian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_greek.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_german.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_french.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_finnish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_english.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_dutch.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_danish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_czech.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_brazilian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_ukrainian.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_turkish.txt.aes
  • %ProgramFiles(x86)%\steam\public\steambootstrapper_thai.txt.aes
  • %ProgramFiles(x86)%\steam\public\steamclean_turkish.txt.aes
  • %WINDIR%\installer\$patchcache$\managed\00004109110000000100000000f01fec\cachesize.txt.aes
Deletes the following files
  • %WINDIR%\ntbtlog.txt
  • %WINDIR%\microsoft.net\framework\v4.0.30319\thirdpartynotices.txt
  • %WINDIR%\microsoft.net\framework\v1.1.4322\1033\setupenu2.txt
  • %WINDIR%\microsoft.net\framework\v1.1.4322\1033\setupenu1.txt
  • %WINDIR%\installer\$patchcache$\managed\68ab67ca7da73301b744caf070e41400\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109f100c0400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109f100a0c00100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109f10090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109e60090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109b10090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109ab0090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109a10090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109810090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109610090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109510090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109340090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109340000000100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\000041091a0090400100000000f01fec\cachesize.txt
  • %WINDIR%\installer\$patchcache$\managed\00004109110000000100000000f01fec\cachesize.txt
  • %WINDIR%\ocsetup_cbs_uninstall_searchengine-client-package.txt
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\thirdpartynotices.txt
  • <SYSTEM32>\catroot2\dberr.txt
Moves the following files
  • from %WINDIR%\logs\windowsbackup\wbadmin.0.etl to %WINDIR%\logs\windowsbackup\wbadmin.1.etl
Miscellaneous
Creates and executes the following
  • '%TEMP%\2442.tmp\aescrypt.exe' -e -p "CpeYeZXGP9ErTfRFogKHmE5NpzCp3HXmRbGmv8SsAuETSNKsm6wdcuyyFFYdCk5kJk63VlmKSUV4KCwRd36dosrpCYlBP2E7wMCQx5rOPIpLJ7w4zRhjJ3gd5oCllLmhScEdZ90twx20qwertyy123432948204820sji29213o2ouery7t2yfeu2f...
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\2442.tmp\2443.tmp\2444.bat <Full path to file>"' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\2442.tmp\2443.tmp\2444.bat <Full path to file>"
  • '<SYSTEM32>\wbadmin.exe' delete catalog /quiet

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play