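Technical Information

The entries below are file-system paths and process command lines taken from the analysis report. The subsection headings that would state what was done to each file appear to be missing from this copy, so a path that is listed more than once probably belonged to different subsections.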
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\desktop\contoso.cer
- %HOMEPATH%\desktop\contosoroot.cer
- %HOMEPATH%\desktop\contosoroot_1.cer
- %HOMEPATH%\desktop\dashborder_144.bmp
- %HOMEPATH%\desktop\dashborder_96.bmp
- %HOMEPATH%\desktop\dialmap.bmp
- %HOMEPATH%\desktop\join.avi
- %HOMEPATH%\desktop\ovp25012015.doc
- %HOMEPATH%\desktop\pmd.cer
- %HOMEPATH%\desktop\sdksampleprivdeveloper.cer
- %HOMEPATH%\desktop\sdksampleunprivdeveloper.cer
- %HOMEPATH%\desktop\sdszfo.docx
- %HOMEPATH%\desktop\testcertificate.cer
- %HOMEPATH%\desktop\testee.cer
- %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
- %TEMP%\2136.tmp\2147.tmp\2148.bat
- C:\nbxutylzs\users\public\music\sample music\folder.jpg
- C:\nbxutylzs\users\public\music\sample music\desktop.ini
- C:\nbxutylzs\users\public\music\sample music\albumartsmall.jpg
- C:\nbxutylzs\users\public\music\sample music\albumart_{5fa05d35-a682-4af6-96f7-0773e42d4d16}_small.jpg
- C:\nbxutylzs\users\public\music\sample music\albumart_{5fa05d35-a682-4af6-96f7-0773e42d4d16}_large.jpg
- C:\nbxutylzs\users\public\music\desktop.ini
- C:\nbxutylzs\users\public\desktop\mirc.lnk
- C:\nbxutylzs\users\public\libraries\recordedtv.library-ms
- C:\nbxutylzs\users\public\downloads\desktop.ini
- C:\nbxutylzs\users\public\documents\desktop.ini
- C:\nbxutylzs\users\public\desktop\winamp.lnk
- C:\nbxutylzs\users\public\desktop\steam.lnk
- C:\nbxutylzs\users\public\desktop\opera.lnk
- C:\nbxutylzs\users\public\desktop\mozilla thunderbird.lnk
- C:\nbxutylzs\users\public\libraries\desktop.ini
- C:\nbxutylzs\users\public\desktop\mozilla firefox.lnk
- C:\nbxutylzs\users\public\music\sample music\kalimba.mp3
- C:\nbxutylzs\users\public\pictures\sample pictures\koala.jpg
- C:\nbxutylzs\users\public\videos\desktop.ini
- C:\nbxutylzs\users\public\recorded tv\sample media\win7_scenic-demoshort_raw.wtv
- C:\nbxutylzs\users\public\recorded tv\sample media\desktop.ini
- C:\nbxutylzs\users\public\recorded tv\desktop.ini
- C:\nbxutylzs\users\public\pictures\sample pictures\tulips.jpg
- C:\nbxutylzs\users\public\pictures\sample pictures\penguins.jpg
- C:\nbxutylzs\users\public\music\sample music\sleep away.mp3
- C:\nbxutylzs\users\public\music\sample music\maid with the flaxen hair.mp3
- C:\nbxutylzs\users\public\pictures\sample pictures\jellyfish.jpg
- C:\nbxutylzs\users\public\pictures\sample pictures\hydrangeas.jpg
- C:\nbxutylzs\users\public\pictures\sample pictures\desktop.ini
- C:\nbxutylzs\users\public\pictures\sample pictures\desert.jpg
- C:\nbxutylzs\users\public\pictures\sample pictures\chrysanthemum.jpg
- C:\nbxutylzs\users\public\pictures\desktop.ini
- C:\nbxutylzs\users\public\pictures\sample pictures\lighthouse.jpg
- C:\nbxutylzs\users\public\desktop\google chrome.lnk
- C:\nbxutylzs\users\public\desktop\desktop.ini
- C:\nbxutylzs\users\public\desktop\acrobat reader dc.lnk
- C:\nbxutylzs\users\user\desktop\notepad.exe
- C:\nbxutylzs\users\user\desktop\mail.ru agent.lnk
- C:\nbxutylzs\users\user\desktop\join.avi
- C:\nbxutylzs\users\user\desktop\icq.lnk
- C:\nbxutylzs\users\user\desktop\dialmap.bmp
- C:\nbxutylzs\users\user\desktop\pmd.cer
- C:\nbxutylzs\users\user\desktop\desktop.ini
- C:\nbxutylzs\users\user\desktop\dashborder_144.bmp
- C:\nbxutylzs\users\user\desktop\contosoroot_1.cer
- C:\nbxutylzs\users\user\desktop\contosoroot.cer
- C:\nbxutylzs\users\user\desktop\contoso.cer
- C:\null
- <Current directory>\null
- C:\nbxutylzs\users\user\desktop\dashborder_96.bmp
- C:\nbxutylzs\users\user\desktop\qip 2012.lnk
- C:\nbxutylzs\users\user\desktop\ovp25012015.doc
- C:\nbxutylzs\users\user\desktop\sdksampleprivdeveloper.cer
- C:\nbxutylzs\users\public\desktop.ini
- C:\nbxutylzs\users\user\desktop\total commander 64 bit.lnk
- C:\nbxutylzs\users\user\contacts\user.contact
- C:\nbxutylzs\users\user\contacts\desktop.ini
- C:\nbxutylzs\users\user\pictures\desktop.ini
- C:\nbxutylzs\users\user\documents\desktop.ini
- C:\nbxutylzs\users\user\desktop\winmine.exe
- C:\nbxutylzs\users\user\desktop\utorrent.exe
- C:\nbxutylzs\users\user\desktop\thlps_keeper_mayer_1965.docx
- C:\nbxutylzs\users\user\desktop\sdksampleunprivdeveloper.cer
- C:\nbxutylzs\users\user\desktop\testee.cer
- C:\nbxutylzs\users\user\desktop\testcertificate.cer
- C:\nbxutylzs\users\user\desktop\telegram.lnk
- C:\nbxutylzs\users\user\desktop\tcm851ax32.exe
- C:\nbxutylzs\users\user\desktop\skypesetup.exe
- C:\nbxutylzs\users\user\desktop\sdszfo.docx
- C:\nbxutylzs\users\public\videos\sample videos\desktop.ini
- C:\nbxutylzs\users\public\videos\sample videos\wildlife.wmv
- C:\nbxutylzs\users\user\desktop\desktop.ini
- C:\nbxutylzs\users\public\recorded tv\sample media\desktop.ini
- C:\nbxutylzs\users\public\recorded tv\desktop.ini
- C:\nbxutylzs\users\public\pictures\sample pictures\desktop.ini
- C:\nbxutylzs\users\public\pictures\desktop.ini
- C:\nbxutylzs\users\public\music\sample music\folder.jpg
- C:\nbxutylzs\users\public\music\sample music\desktop.ini
- C:\nbxutylzs\users\public\music\sample music\albumartsmall.jpg
- C:\nbxutylzs\users\public\music\sample music\albumart_{5fa05d35-a682-4af6-96f7-0773e42d4d16}_small.jpg
- C:\nbxutylzs\users\public\videos\desktop.ini
- C:\nbxutylzs\users\public\music\sample music\albumart_{5fa05d35-a682-4af6-96f7-0773e42d4d16}_large.jpg
- C:\nbxutylzs\users\public\libraries\desktop.ini
- C:\nbxutylzs\users\public\downloads\desktop.ini
- C:\nbxutylzs\users\public\documents\desktop.ini
- C:\nbxutylzs\users\public\desktop\desktop.ini
- C:\nbxutylzs\users\public\desktop.ini
- C:\nbxutylzs\users\user\contacts\desktop.ini
- C:\nbxutylzs\users\user\pictures\desktop.ini
- C:\nbxutylzs\users\user\documents\desktop.ini
- C:\nbxutylzs\users\public\music\desktop.ini
- C:\nbxutylzs\users\public\videos\sample videos\desktop.ini
- C:\null
- %TEMP%\2136.tmp\2147.tmp\2148.bat
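Command lines recorded in the report (quoted executable, then its arguments). In the robocopy entries, /E with /MIR mirrors the whole source tree into the destination, /ZB uses restartable mode and falls back to backup mode when access is denied, /XJ skips junction points, /R:1 /W:1 allows one retry after a one-second wait, and /V /FP only affect the log output. Every destination sits under the same C:\nbxutylzs root, so for detection the distinctive pattern is a batch file in %TEMP% launching a series of robocopy mirrors of profile, Outlook and application-settings folders into one unusual top-level directory. The loopback ping with a count is typically just a pause in a batch script.
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\2136.tmp\2147.tmp\2148.bat <Full path to file>"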
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\DxO\DxO PhotoLab 4\Workspaces" "C:\nbxutylzs\Users\user\AppData\Local\DxO\DxO PhotoLab 4\Workspaces" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\DxO\DxO PhotoLab 4\Modules" "C:\nbxutylzs\Users\user\AppData\Local\DxO\DxO PhotoLab 4\Modules" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\DxO\DxO PhotoLab 4\Presets" "C:\nbxutylzs\Users\user\AppData\Local\DxO\DxO PhotoLab 4\Presets" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%APPDATA%\DxO\DxO PhotoLab 4\Database" "C:\nbxutylzs\Users\user\AppData\Roaming\DxO\DxO PhotoLab 4\Database" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\CaptureOne\Workspaces130" "C:\nbxutylzs\Users\user\AppData\Local\CaptureOne\Workspaces130" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\CaptureOne\PrintTemplates" "C:\nbxutylzs\Users\user\AppData\Local\CaptureOne\PrintTemplates" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\CaptureOne\Styles" "C:\nbxutylzs\Users\user\AppData\Local\CaptureOne\Styles" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\Microsoft\Windows\Themes" "C:\nbxutylzs\Users\user\AppData\Local\Microsoft\Windows\Themes" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%APPDATA%\Adobe\Adobe Photoshop 2021\Presets" "C:\nbxutylzs\Users\user\AppData\Roaming\Adobe\Adobe Photoshop 2021\Presets" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%APPDATA%\Microsoft\Outlook" "C:\nbxutylzs\Users\user\AppData\Roaming\Microsoft\Outlook" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%LOCALAPPDATA%\Microsoft\Office\OTele" "C:\nbxutylzs\Users\user\AppData\Local\Microsoft\Office\OTele" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%HOMEPATH%\Contacts" "C:\nbxutylzs\Users\user\Contacts" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%HOMEPATH%\Pictures" "C:\nbxutylzs\Users\user\Pictures" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%HOMEPATH%\Documents" "C:\nbxutylzs\Users\user\Documents" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "%HOMEPATH%\Desktop" "C:\nbxutylzs\Users\user\Desktop" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3 -w 2000
- '<SYSTEM32>\robocopy.exe' "%APPDATA%\Adobe\Lightroom" "C:\nbxutylzs\Users\user\AppData\Roaming\Adobe\Lightroom" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP
- '<SYSTEM32>\robocopy.exe' "C:\Users\Public" "C:\nbxutylzs\Users\Public" /XJ /E /MIR /ZB /R:1 /W:1 /V /FP