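Technical Information
Note: the section headings of the original report are not present in this copy, so the action applied to each entry (created, modified, moved, deleted, blocked) is not stated. The entries are file-system paths, file moves (`from … to …`), network endpoints (`'host':port`) and process command lines. A path appearing in the list is therefore not by itself an indicator of the sample.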
- <SYSTEM32>\tasks\svhost
- User Account Control (UAC)
- %HOMEPATH%\desktop\adhd_and_obesity.docx
- %HOMEPATH%\desktop\archer.avi
- %HOMEPATH%\desktop\contosoroot.cer
- %HOMEPATH%\desktop\contosoroot_1.cer
- %HOMEPATH%\desktop\contoso_1.cer
- %HOMEPATH%\desktop\correct.avi
- %HOMEPATH%\desktop\dashborder_192.bmp
- %HOMEPATH%\desktop\february_catalogue__2015.doc
- %HOMEPATH%\desktop\glidescope_review_rev_010.docx
- %HOMEPATH%\desktop\hadac_newsletter_july_2010_final.docx
- %HOMEPATH%\desktop\hanni_umami_chapter.doc
- %HOMEPATH%\desktop\issi2013_template_for_posters.docx
- %HOMEPATH%\desktop\join.avi
- %HOMEPATH%\desktop\sdkfailsafeemulator.cer
- %HOMEPATH%\desktop\sdszfo.docx
- %APPDATA%\svhost.exe
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\recovery_instructions.html
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\recovery_instructions.html
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\recovery_instructions.html
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\far2\pluginsdk\headers.pas\recovery_instructions.html
- C:\far2\pluginsdk\headers.c\recovery_instructions.html
- C:\far2\plugins\tmppanel\recovery_instructions.html
- C:\far2\plugins\proclist\recovery_instructions.html
- C:\far2\plugins\network\recovery_instructions.html
- C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- %HOMEPATH%\recovery_instructions.html
- C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- %HOMEPATH%\favorites\windows live\recovery_instructions.html
- %HOMEPATH%\favorites\msn websites\recovery_instructions.html
- %HOMEPATH%\favorites\microsoft websites\recovery_instructions.html
- %HOMEPATH%\favorites\links for united states\recovery_instructions.html
- %HOMEPATH%\favorites\links\recovery_instructions.html
- %HOMEPATH%\desktop\recovery_instructions.html
- %HOMEPATH%\contacts\recovery_instructions.html
- C:\users\default\recovery_instructions.html
- C:\users\default\appdata\roaming\microsoft\windows\sendto\recovery_instructions.html
- C:\totalcmd\language\recovery_instructions.html
- C:\totalcmd\recovery_instructions.html
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\recovery_instructions.html
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\recovery_instructions.html
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\far2\plugins\macroview\recovery_instructions.html
- C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\recovery_instructions.html
- C:\far2\plugins\hlfviewer\recovery_instructions.html
- C:\far2\addons\xlat\recovery_instructions.html
- C:\far2\addons\setup\recovery_instructions.html
- z:\xeldz
- z:\bootsect.bak
- z:\recovery_instructions.html
- z:\bootmgr
- C:\far2\addons\macros\recovery_instructions.html
- C:\far2\addons\recovery_instructions.html
- C:\far2\addons\colors\recovery_instructions.html
- C:\far2\addons\colors\default_highlighting\recovery_instructions.html
- C:\far2\addons\colors\custom_highlighting\recovery_instructions.html
- z:\boot\bootstat.dat
- z:\boot\bcd.log2
- z:\boot\recovery_instructions.html
- z:\boot\bcd.log1
- z:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001\desktop.ini
- C:\far2\addons\shell\recovery_instructions.html
- C:\far2\addons\xlat\russian\recovery_instructions.html
- C:\far2\plugins\ftp\recovery_instructions.html
- C:\far2\recovery_instructions.html
- C:\far2\plugins\filecase\recovery_instructions.html
- C:\far2\plugins\farcmds\recovery_instructions.html
- C:\far2\plugins\emenu\recovery_instructions.html
- C:\far2\plugins\editcase\recovery_instructions.html
- C:\far2\plugins\drawline\recovery_instructions.html
- C:\far2\plugins\compare\recovery_instructions.html
- C:\far2\plugins\brackets\recovery_instructions.html
- C:\far2\plugins\autowrap\recovery_instructions.html
- C:\far2\plugins\arclite\recovery_instructions.html
- C:\far2\plugins\align\recovery_instructions.html
- C:\far2\fexcept\recovery_instructions.html
- C:\far2\encyclopedia\tap\recovery_instructions.html
- C:\far2\encyclopedia\recovery_instructions.html
- C:\far2\documentation\rus\recovery_instructions.html
- C:\far2\documentation\eng\recovery_instructions.html
- C:\far2\plugins\ftp\lib\recovery_instructions.html
- %HOMEPATH%\searches\recovery_instructions.html
- from z:\boot\bcd.log1 to z:\boot\bcd.log1.stopfiles
- from z:\boot\bcd.log2 to z:\boot\bcd.log2.stopfiles
- from z:\boot\bootstat.dat to z:\boot\bootstat.dat.stopfiles
- from z:\bootmgr to z:\bootmgr.stopfiles
- from z:\bootsect.bak to z:\bootsect.bak.stopfiles
- from z:\xeldz to z:\xeldz.stopfiles
- C:\far2\addons\colors\custom_highlighting\black_from_fonarev.reg
- C:\far2\addons\colors\default_highlighting\vaxcolors.reg
- C:\far2\addons\colors\default_highlighting\rodion_doroshkevich.reg
- C:\far2\addons\colors\default_highlighting\nc5pal2.reg
- C:\far2\addons\colors\default_highlighting\hell.reg
- C:\far2\addons\colors\default_highlighting\greenmile.reg
- C:\far2\addons\colors\default_highlighting\farcolors242.reg
- C:\far2\addons\colors\default_highlighting\dn_like.reg
- C:\far2\addons\colors\default_highlighting\descript.ion
- C:\far2\addons\colors\default_highlighting\colors_from_sadovoj.reg
- C:\far2\addons\colors\default_highlighting\colors_from_gernichenko.reg
- C:\far2\addons\colors\default_highlighting\colors_from_admin_essp_ru.reg
- C:\far2\addons\colors\default_highlighting\black_from_myodov.reg
- C:\far2\addons\colors\default_highlighting\black_from_july.reg
- C:\far2\addons\colors\default_highlighting\black_from_fonarev.reg
- C:\far2\addons\colors\custom_highlighting\vaxcolors.reg
- C:\far2\addons\colors\custom_highlighting\rodion_doroshkevich.reg
- C:\far2\addons\colors\custom_highlighting\nc5pal2.reg
- C:\far2\addons\colors\custom_highlighting\hell.reg
- C:\far2\addons\colors\custom_highlighting\greenmile.reg
- C:\far2\addons\colors\custom_highlighting\farcolors242.reg
- C:\far2\addons\colors\custom_highlighting\dn_like.reg
- C:\far2\addons\colors\custom_highlighting\descript.ion
- C:\far2\addons\colors\custom_highlighting\colors_from_sadovoj.reg
- C:\far2\addons\colors\custom_highlighting\colors_from_gernichenko.reg
- C:\far2\addons\colors\custom_highlighting\colors_from_admin_essp_ru.reg
- C:\far2\addons\colors\custom_highlighting\black_from_myodov.reg
- C:\far2\addons\colors\custom_highlighting\black_from_july.reg
- C:\far2\addons\colors\descript.ion
- C:\far2\addons\descript.ion
- '<LOCALNET>.68.1':445
- '<LOCALNET>.68.1':139
- '%APPDATA%\svhost.exe'
- '%APPDATA%\svhost.exe' (with hidden window)
- '%WINDIR%\syswow64\wbem\wmic.exe' SHADOWCOPY /nointeractive
- '<SYSTEM32>\taskeng.exe' {26785A50-CE1E-4860-AC36-B3DA727F92CE} S-1-5-21-1960123792-2022915161-3775307078-1001:udrfyh\user:Interactive:[1]