Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XO1XADpO01' = '"C"'
- <Drive name for removable media>:\000814251_video_01.avi
- <Drive name for removable media>:\applicantform_en.doc
- <Drive name for removable media>:\sdksampleprivdeveloper.cer
- <Drive name for removable media>:\testcertificate.cer
- <Drive name for removable media>:\pmd.cer
- <Drive name for removable media>:\contosoroot.cer
- <Drive name for removable media>:\contoso_1.cer
- <Drive name for removable media>:\default.bmp
- <Drive name for removable media>:\dashborder_120.bmp
- <Drive name for removable media>:\dialmap.bmp
- <Drive name for removable media>:\tileimage.bmp
- <Drive name for removable media>:\dashborder_192.bmp
- <Drive name for removable media>:\join.avi
- <Drive name for removable media>:\delete.avi
- <Drive name for removable media>:\dashborder_144.bmp
- <Drive name for removable media>:\restore-my-files.txt
- <Drive name for removable media>:\hanni_umami_chapter.doc
- <Drive name for removable media>:\february_catalogue__2015.doc
- D:\restore-my-files.txt
- C:\far2\addons\colors\custom_highlighting\restore-my-files.txt
- C:\far2\addons\colors\default_highlighting\restore-my-files.txt
- C:\far2\addons\colors\restore-my-files.txt
- C:\far2\addons\restore-my-files.txt
- <Drive name for removable media>:\000814251_video_01.avi
- C:\far2\addons\colors\default_highlighting\descript.ion
- C:\far2\addons\colors\custom_highlighting\descript.ion
- <Drive name for removable media>:\february_catalogue__2015.doc
- <Drive name for removable media>:\ovp25012015.doc
- <Drive name for removable media>:\hanni_umami_chapter.doc
- <Drive name for removable media>:\applicantform_en.doc
- <Drive name for removable media>:\sdksampleprivdeveloper.cer
- <Drive name for removable media>:\testcertificate.cer
- <Drive name for removable media>:\pmd.cer
- C:\far2\addons\colors\descript.ion
- <Drive name for removable media>:\contosoroot.cer
- <Drive name for removable media>:\default.bmp
- <Drive name for removable media>:\dashborder_120.bmp
- <Drive name for removable media>:\dialmap.bmp
- <Drive name for removable media>:\tileimage.bmp
- <Drive name for removable media>:\dashborder_192.bmp
- <Drive name for removable media>:\join.avi
- <Drive name for removable media>:\delete.avi
- <Drive name for removable media>:\dashborder_144.bmp
- D:\install.log
- <Drive name for removable media>:\contoso_1.cer
- C:\far2\addons\descript.ion
- '<LOCALNET>.68.254':445
- '<LOCALNET>.68.237':135
- '<LOCALNET>.68.236':135
- '<LOCALNET>.68.235':135
- '<LOCALNET>.68.234':135
- '<LOCALNET>.68.233':135
- '<LOCALNET>.68.232':135
- '<LOCALNET>.68.231':135
- '<LOCALNET>.68.230':135
- '<LOCALNET>.68.229':135
- '<LOCALNET>.68.228':135
- '<LOCALNET>.68.246':135
- '<LOCALNET>.68.219':135
- '<LOCALNET>.68.245':135
- '<LOCALNET>.68.244':135
- '<LOCALNET>.68.243':135
- '<LOCALNET>.68.242':135
- '<LOCALNET>.68.241':135
- '<LOCALNET>.68.240':135
- '<LOCALNET>.68.239':135
- '<LOCALNET>.68.238':135
- '<LOCALNET>.68.252':135
- '<LOCALNET>.68.247':135
- '<LOCALNET>.68.9':445
- '<LOCALNET>.68.220':135
- '<LOCALNET>.68.200':135
- '<LOCALNET>.68.199':135
- '<LOCALNET>.68.198':135
- '<LOCALNET>.68.211':135
- '<LOCALNET>.68.210':135
- '<LOCALNET>.68.209':135
- '<LOCALNET>.68.208':135
- '<LOCALNET>.68.207':135
- '<LOCALNET>.68.206':135
- '<LOCALNET>.68.205':135
- '<LOCALNET>.68.251':135
- '<LOCALNET>.68.218':135
- '<LOCALNET>.68.215':135
- '<LOCALNET>.68.214':135
- '<LOCALNET>.68.213':135
- '<LOCALNET>.68.212':135
- '<LOCALNET>.68.227':135
- '<LOCALNET>.68.226':135
- '<LOCALNET>.68.225':135
- '<LOCALNET>.68.224':135
- '<LOCALNET>.68.223':135
- '<LOCALNET>.68.222':135
- '<LOCALNET>.68.216':135
- '<LOCALNET>.68.221':135
- '<LOCALNET>.68.250':135
- '<LOCALNET>.68.249':135
- '<LOCALNET>.68.248':135
- '<LOCALNET>.68.35':445
- '<LOCALNET>.68.25':445
- '<LOCALNET>.68.26':445
- '<LOCALNET>.68.27':445
- '<LOCALNET>.68.28':445
- '<LOCALNET>.68.29':445
- '<LOCALNET>.68.30':445
- '<LOCALNET>.68.31':445
- '<LOCALNET>.68.32':445
- '<LOCALNET>.68.33':445
- '<LOCALNET>.68.201':135
- '<LOCALNET>.68.23':445
- '<LOCALNET>.68.36':445
- '<LOCALNET>.68.37':445
- '<LOCALNET>.68.38':445
- '<LOCALNET>.68.39':445
- '<LOCALNET>.68.40':445
- '<LOCALNET>.68.41':445
- '<LOCALNET>.68.42':445
- '<LOCALNET>.68.43':445
- '<LOCALNET>.68.44':445
- '<LOCALNET>.68.45':445
- '<LOCALNET>.68.34':445
- '<LOCALNET>.68.217':135
- '<LOCALNET>.68.22':445
- '<LOCALNET>.68.19':445
- '<LOCALNET>.68.21':445
- '<LOCALNET>.68.253':135
- '<LOCALNET>.68.254':135
- '<LOCALNET>.68.0':445
- '<LOCALNET>.68.1':445
- '<LOCALNET>.68.2':445
- '<LOCALNET>.68.3':445
- '<LOCALNET>.68.4':445
- '<LOCALNET>.68.5':445
- '<LOCALNET>.68.6':445
- '<LOCALNET>.68.20':445
- '<LOCALNET>.68.7':445
- '<LOCALNET>.68.24':445
- '<LOCALNET>.68.10':445
- '<LOCALNET>.68.11':445
- '<LOCALNET>.68.12':445
- '<LOCALNET>.68.13':445
- '<LOCALNET>.68.14':445
- '<LOCALNET>.68.15':445
- '<LOCALNET>.68.16':445
- '<LOCALNET>.68.17':445
- '<LOCALNET>.68.18':445
- '<LOCALNET>.68.8':445
- '<LOCALNET>.68.202':135
- '<LOCALNET>.68.203':135
- '<LOCALNET>.68.204':135
- '<LOCALNET>.68.164':135
- '<LOCALNET>.68.163':135
- '<LOCALNET>.68.162':135
- '<LOCALNET>.68.161':135
- '<LOCALNET>.68.160':135
- '<LOCALNET>.68.159':135
- '<LOCALNET>.68.158':135
- '<LOCALNET>.68.174':135
- '<LOCALNET>.68.152':135
- '<LOCALNET>.68.151':135
- '<LOCALNET>.68.165':135
- '<LOCALNET>.68.150':135
- '<LOCALNET>.68.148':135
- '<LOCALNET>.68.147':135
- '<LOCALNET>.68.146':135
- '<LOCALNET>.68.167':135
- '<LOCALNET>.68.166':135
- '<LOCALNET>.68.136':135
- '<LOCALNET>.68.135':135
- '<LOCALNET>.68.134':135
- '<LOCALNET>.68.133':135
- '<LOCALNET>.68.132':135
- '<LOCALNET>.68.149':135
- '<LOCALNET>.68.63':135
- '<LOCALNET>.68.46':445
- '<LOCALNET>.68.169':135
- '<LOCALNET>.68.79':135
- '<LOCALNET>.68.78':135
- '<LOCALNET>.68.77':135
- '<LOCALNET>.68.76':135
- '<LOCALNET>.68.75':135
- '<LOCALNET>.68.74':135
- '<LOCALNET>.68.73':135
- '<LOCALNET>.68.72':135
- '<LOCALNET>.68.66':135
- '<LOCALNET>.68.65':135
- '<LOCALNET>.68.157':135
- '<LOCALNET>.68.64':135
- '<LOCALNET>.68.62':135
- '<LOCALNET>.68.61':135
- '<LOCALNET>.68.60':135
- '<LOCALNET>.68.59':135
- '<LOCALNET>.68.58':135
- '<LOCALNET>.68.57':135
- '<LOCALNET>.68.173':135
- '<LOCALNET>.68.172':135
- '<LOCALNET>.68.171':135
- '<LOCALNET>.68.170':135
- '<LOCALNET>.68.67':135
- '<LOCALNET>.68.123':135
- '<LOCALNET>.68.156':135
- '<LOCALNET>.68.184':135
- '<LOCALNET>.68.115':135
- '<LOCALNET>.68.114':135
- '<LOCALNET>.68.113':135
- '<LOCALNET>.68.121':135
- '<LOCALNET>.68.188':135
- '<LOCALNET>.68.187':135
- '<LOCALNET>.68.186':135
- '<LOCALNET>.68.175':135
- '<LOCALNET>.68.176':135
- '<LOCALNET>.68.177':135
- '<LOCALNET>.68.116':135
- '<LOCALNET>.68.178':135
- '<LOCALNET>.68.180':135
- '<LOCALNET>.68.197':135
- '<LOCALNET>.68.196':135
- '<LOCALNET>.68.195':135
- '<LOCALNET>.68.194':135
- '<LOCALNET>.68.193':135
- '<LOCALNET>.68.192':135
- '<LOCALNET>.68.191':135
- '<LOCALNET>.68.190':135
- '<LOCALNET>.68.189':135
- '<LOCALNET>.68.179':135
- '<LOCALNET>.68.80':135
- '<LOCALNET>.68.154':135
- '<LOCALNET>.68.183':135
- '<LOCALNET>.68.153':135
- '<LOCALNET>.68.145':135
- '<LOCALNET>.68.144':135
- '<LOCALNET>.68.143':135
- '<LOCALNET>.68.142':135
- '<LOCALNET>.68.141':135
- '<LOCALNET>.68.140':135
- '<LOCALNET>.68.139':135
- '<LOCALNET>.68.138':135
- '<LOCALNET>.68.137':135
- '<LOCALNET>.68.155':135
- '<LOCALNET>.68.122':135
- '<LOCALNET>.68.124':135
- '<LOCALNET>.68.125':135
- '<LOCALNET>.68.126':135
- '<LOCALNET>.68.127':135
- '<LOCALNET>.68.128':135
- '<LOCALNET>.68.129':135
- '<LOCALNET>.68.130':135
- '<LOCALNET>.68.131':135
- '<LOCALNET>.68.181':135
- '<LOCALNET>.68.182':135
- '<LOCALNET>.68.185':135
- '<LOCALNET>.68.168':135
- '<LOCALNET>.68.47':445
- '<LOCALNET>.68.74':445
- '<LOCALNET>.68.181':445
- '<LOCALNET>.68.182':445
- '<LOCALNET>.68.183':445
- '<LOCALNET>.68.184':445
- '<LOCALNET>.68.185':445
- '<LOCALNET>.68.186':445
- '<LOCALNET>.68.187':445
- '<LOCALNET>.68.188':445
- '<LOCALNET>.68.189':445
- '<LOCALNET>.68.190':445
- '<LOCALNET>.68.192':445
- '<LOCALNET>.68.179':445
- '<LOCALNET>.68.193':445
- '<LOCALNET>.68.194':445
- '<LOCALNET>.68.195':445
- '<LOCALNET>.68.196':445
- '<LOCALNET>.68.197':445
- '<LOCALNET>.68.198':445
- '<LOCALNET>.68.199':445
- '<LOCALNET>.68.200':445
- '<LOCALNET>.68.201':445
- '<LOCALNET>.68.191':445
- '<LOCALNET>.68.217':445
- '<LOCALNET>.68.178':445
- '<LOCALNET>.68.155':445
- '<LOCALNET>.68.156':445
- '<LOCALNET>.68.157':445
- '<LOCALNET>.68.158':445
- '<LOCALNET>.68.159':445
- '<LOCALNET>.68.160':445
- '<LOCALNET>.68.161':445
- '<LOCALNET>.68.162':445
- '<LOCALNET>.68.163':445
- '<LOCALNET>.68.164':445
- '<LOCALNET>.68.202':445
- '<LOCALNET>.68.180':445
- '<LOCALNET>.68.167':445
- '<LOCALNET>.68.168':445
- '<LOCALNET>.68.169':445
- '<LOCALNET>.68.170':445
- '<LOCALNET>.68.171':445
- '<LOCALNET>.68.172':445
- '<LOCALNET>.68.173':445
- '<LOCALNET>.68.174':445
- '<LOCALNET>.68.175':445
- '<LOCALNET>.68.176':445
- '<LOCALNET>.68.166':445
- '<LOCALNET>.68.177':445
- '<LOCALNET>.68.203':445
- '<LOCALNET>.68.204':445
- '<LOCALNET>.68.205':445
- '<LOCALNET>.68.243':445
- '<LOCALNET>.68.233':445
- '<LOCALNET>.68.234':445
- '<LOCALNET>.68.235':445
- '<LOCALNET>.68.236':445
- '<LOCALNET>.68.237':445
- '<LOCALNET>.68.238':445
- '<LOCALNET>.68.239':445
- '<LOCALNET>.68.240':445
- '<LOCALNET>.68.241':445
- '<LOCALNET>.68.154':445
- '<LOCALNET>.68.231':445
- '<LOCALNET>.68.244':445
- '<LOCALNET>.68.245':445
- '<LOCALNET>.68.246':445
- '<LOCALNET>.68.247':445
- '<LOCALNET>.68.248':445
- '<LOCALNET>.68.249':445
- '<LOCALNET>.68.250':445
- '<LOCALNET>.68.251':445
- '<LOCALNET>.68.252':445
- '<LOCALNET>.68.253':445
- '<LOCALNET>.68.242':445
- '<LOCALNET>.68.165':445
- '<LOCALNET>.68.230':445
- '<LOCALNET>.68.227':445
- '<LOCALNET>.68.229':445
- '<LOCALNET>.68.206':445
- '<LOCALNET>.68.207':445
- '<LOCALNET>.68.208':445
- '<LOCALNET>.68.209':445
- '<LOCALNET>.68.210':445
- '<LOCALNET>.68.211':445
- '<LOCALNET>.68.212':445
- '<LOCALNET>.68.213':445
- '<LOCALNET>.68.214':445
- '<LOCALNET>.68.228':445
- '<LOCALNET>.68.215':445
- '<LOCALNET>.68.232':445
- '<LOCALNET>.68.218':445
- '<LOCALNET>.68.219':445
- '<LOCALNET>.68.220':445
- '<LOCALNET>.68.221':445
- '<LOCALNET>.68.222':445
- '<LOCALNET>.68.223':445
- '<LOCALNET>.68.224':445
- '<LOCALNET>.68.225':445
- '<LOCALNET>.68.226':445
- '<LOCALNET>.68.216':445
- '<LOCALNET>.68.153':445
- '<LOCALNET>.68.152':445
- '<LOCALNET>.68.151':445
- '<LOCALNET>.68.77':445
- '<LOCALNET>.68.78':445
- '<LOCALNET>.68.79':445
- '<LOCALNET>.68.80':445
- '<LOCALNET>.68.81':445
- '<LOCALNET>.68.82':445
- '<LOCALNET>.68.83':445
- '<LOCALNET>.68.84':445
- '<LOCALNET>.68.85':445
- '<LOCALNET>.68.86':445
- '<LOCALNET>.68.76':445
- '<LOCALNET>.68.87':445
- '<LOCALNET>.68.89':445
- '<LOCALNET>.68.90':445
- '<LOCALNET>.68.91':445
- '<LOCALNET>.68.92':445
- '<LOCALNET>.68.93':445
- '<LOCALNET>.68.94':445
- '<LOCALNET>.68.95':445
- '<LOCALNET>.68.96':445
- '<LOCALNET>.68.97':445
- '<LOCALNET>.68.98':445
- '<LOCALNET>.68.88':445
- '<LOCALNET>.68.62':445
- '<LOCALNET>.68.48':445
- '<LOCALNET>.68.73':445
- '<LOCALNET>.68.50':445
- '<LOCALNET>.68.51':445
- '<LOCALNET>.68.52':445
- '<LOCALNET>.68.53':445
- '<LOCALNET>.68.55':445
- '<LOCALNET>.68.56':445
- '<LOCALNET>.68.57':445
- '<LOCALNET>.68.58':445
- '<LOCALNET>.68.59':445
- '<LOCALNET>.68.60':445
- '<LOCALNET>.68.99':445
- '<LOCALNET>.68.61':445
- '<LOCALNET>.68.63':445
- '<LOCALNET>.68.64':445
- '<LOCALNET>.68.65':445
- '<LOCALNET>.68.66':445
- '<LOCALNET>.68.67':445
- '<LOCALNET>.68.68':445
- '<LOCALNET>.68.69':445
- '<LOCALNET>.68.70':445
- '<LOCALNET>.68.71':445
- '<LOCALNET>.68.72':445
- '<LOCALNET>.68.75':445
- '<LOCALNET>.68.114':445
- '<LOCALNET>.68.100':445
- '<LOCALNET>.68.126':445
- '<LOCALNET>.68.129':445
- '<LOCALNET>.68.130':445
- '<LOCALNET>.68.131':445
- '<LOCALNET>.68.132':445
- '<LOCALNET>.68.133':445
- '<LOCALNET>.68.134':445
- '<LOCALNET>.68.135':445
- '<LOCALNET>.68.136':445
- '<LOCALNET>.68.137':445
- '<LOCALNET>.68.138':445
- '<LOCALNET>.68.128':445
- '<LOCALNET>.68.139':445
- '<LOCALNET>.68.141':445
- '<LOCALNET>.68.142':445
- '<LOCALNET>.68.143':445
- '<LOCALNET>.68.144':445
- '<LOCALNET>.68.145':445
- '<LOCALNET>.68.146':445
- '<LOCALNET>.68.147':445
- '<LOCALNET>.68.148':445
- '<LOCALNET>.68.149':445
- '<LOCALNET>.68.150':445
- '<LOCALNET>.68.140':445
- '<LOCALNET>.68.49':445
- '<LOCALNET>.68.102':445
- '<LOCALNET>.68.125':445
- '<LOCALNET>.68.103':445
- '<LOCALNET>.68.104':445
- '<LOCALNET>.68.105':445
- '<LOCALNET>.68.106':445
- '<LOCALNET>.68.107':445
- '<LOCALNET>.68.108':445
- '<LOCALNET>.68.109':445
- '<LOCALNET>.68.110':445
- '<LOCALNET>.68.111':445
- '<LOCALNET>.68.112':445
- '<LOCALNET>.68.101':445
- '<LOCALNET>.68.113':445
- '<LOCALNET>.68.115':445
- '<LOCALNET>.68.116':445
- '<LOCALNET>.68.117':445
- '<LOCALNET>.68.118':445
- '<LOCALNET>.68.119':445
- '<LOCALNET>.68.120':445
- '<LOCALNET>.68.121':445
- '<LOCALNET>.68.122':445
- '<LOCALNET>.68.123':445
- '<LOCALNET>.68.124':445
- '<LOCALNET>.68.127':445
- '<LOCALNET>.68.81':135
- '<SYSTEM32>\cmd.exe' /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog ...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog ...