Trojan.Encoder.24249

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Encrypter_074' = '%APPDATA%\info.exe'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'userinfo' = '%APPDATA%\recovery.txt'

Создает или изменяет следующие файлы:

%WINDIR%\win.ini
%HOMEPATH%\Start Menu\Programs\Startup\How Recovery Files.txt
%HOMEPATH%\Start Menu\Programs\Startup\Shortcut to startup_local.lnk
%HOMEPATH%\Start Menu\Programs\Startup\desktop.ini
%WINDIR%\Tasks\How Recovery Files.txt
%WINDIR%\Tasks\SA.DAT

Изменяет следующие исполняемые системные файлы:

%WINDIR%\XXInstall\vminstall.exe
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
%WINDIR%\twunk_32.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
%WINDIR%\vmmreg32.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
%WINDIR%\TASKMAN.EXE
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
%WINDIR%\twain_32\wiatwain.ds
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
%WINDIR%\twain_32.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
%WINDIR%\XXInstall\devcon.exe
%WINDIR%\XXInstall\events.exe
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
%WINDIR%\XXInstall\exdir.exe
%WINDIR%\XXInstall\hashdeep.exe
%WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
%WINDIR%\XXInstall\ps.exe
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
%WINDIR%\winhlp32.exe
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
%WINDIR%\XXInstall\screen.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
%WINDIR%\XXInstall\Scripts\antivm.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
%WINDIR%\XXInstall\cmdow.exe
%WINDIR%\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

Заражает следующие исполняемые файлы:

<STUBS_DIR>\test.exe
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll
C:\Far2\Plugins\FTP\lib\ftpDirList.fll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll
<ANALYSETOOLS_DIR>\XueTr_Cmd\XueTr.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
<ANALYSETOOLS_DIR>\XueTr_Cmd\XueTrCmd.exe
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll
<ANALYSETOOLS_DIR>\XueTr_Cmd\PCHunter64.exe
%WINDIR%\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll
<ANALYSE_DIR>\muldrop.sys
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll
<ANALYSE_DIR>\dwshield.sys
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
<ANALYSE_DIR>\muldrop_dbg.sys
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll
<ANALYSETOOLS_DIR>\XueTr_Cmd\XueTrSDK.sys
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll
C:\Far2\Plugins\FileCase\FileCase.dll
C:\Far2\Plugins\FarCmds\FARCmds.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll
<ANALYSETOOLS_DIR>\XueTr_Cmd\XueTrCmdOrig.exe
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll
C:\Far2\Plugins\FTP\FarFtp.dll
C:\Far2\Plugins\FTP\lib\ftpProgress.fll
%ProgramFiles%\Windows Media Player\setup_wm.exe
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll
C:\Far2\Plugins\Colorer\bin\colorer.dll
C:\Far2\Plugins\Brackets\Brackets.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll
<ANALYSETOOLS_DIR>\STracer\SimplyTracer.exe
%ProgramFiles%\Outlook Express\wabmig.exe
%ProgramFiles%\Outlook Express\wabimp.dll
%ProgramFiles%\Outlook Express\wabfind.dll
%ProgramFiles%\Outlook Express\wab.exe
%ProgramFiles%\Outlook Express\setup50.exe
%ProgramFiles%\Outlook Express\oemiglib.dll
%ProgramFiles%\Outlook Express\oemig50.exe
<ANALYSETOOLS_DIR>\STracer\ollyext.dll
%ProgramFiles%\Outlook Express\oeimport.dll
%ProgramFiles%\Outlook Express\msoeres.dll
%ProgramFiles%\Outlook Express\msoe.dll
%ProgramFiles%\Outlook Express\msimn.exe
%ProgramFiles%\NetMeeting\wb32.exe
%ProgramFiles%\NetMeeting\rrcm.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll
C:\Far2\Plugins\ExtSearch\esearch.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll
C:\Far2\Plugins\EditCase\EditCase.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll
<ANALYSER.EXE>.3
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll
<ANALYSER.EXE>.2
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll
<ANALYSER.EXE>.1
C:\Far2\Plugins\EMenu\EMenu.dll
C:\Far2\Plugins\DrawLine\DrawLine.dll
<ANALYSETOOLS_DIR>\XueTr_Cmd\PCHunter32.exe
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll
C:\Far2\Plugins\Compare\Compare.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll
<ANALYSE_DIR>\_kdump.sys_
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
C:\Far2\FExcept\FExcept.dll
C:\Far2\FExcept\ExcDump.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
C:\Far2\FExcept\demangle32.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
%WINDIR%\XXInstall\Scripts\antivm.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
%ProgramFiles%\Windows NT\Pinball\PINBALL.EXE
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
C:\Far2\Plugins\TmpPanel\TmpPanel.dll
C:\Far2\Far.exe
%ProgramFiles%\Windows NT\hypertrm.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
C:\Far2\Plugins\WinSCP\WinSCP.dll
%ProgramFiles%\MSN\MSNCoreFiles\Install\msnsusii.exe
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
%WINDIR%\winhlp32.exe
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
%WINDIR%\XXInstall\screen.exe
%WINDIR%\XXInstall\ps.exe
%WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
%WINDIR%\XXInstall\vminstall.exe
%WINDIR%\XXInstall\hashdeep.exe
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
%WINDIR%\XXInstall\events.exe
%WINDIR%\XXInstall\devcon.exe
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
%WINDIR%\XXInstall\cmdow.exe
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
%WINDIR%\XXInstall\exdir.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
%WINDIR%\twain_32.dll
%ProgramFiles%\Windows Media Player\npdsplay.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
%WINDIR%\twain_32\wiatwain.ds
%ProgramFiles%\Windows Media Player\npdrmv2.dll
%ProgramFiles%\Windows Media Player\mpvis.dll
C:\Far2\Plugins\Network\Network.dll
%ProgramFiles%\Windows Media Player\mplayer2.exe
C:\Far2\Plugins\MacroView\MacroView.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
%ProgramFiles%\Windows Media Player\migrate.exe
%ProgramFiles%\Windows Media Player\custsat.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll
%WINDIR%\TASKMAN.EXE
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll
C:\Far2\Plugins\HlfViewer\HlfViewer.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll
%ProgramFiles%\Windows NT\htrn_jis.dll
%ProgramFiles%\Windows Media Player\npwmsdrm.dll
%ProgramFiles%\Windows NT\dialer.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
%WINDIR%\vmmreg32.dll
%ProgramFiles%\Windows NT\Accessories\write.wpc
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
%ProgramFiles%\Windows NT\Accessories\wordpad.exe
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
%ProgramFiles%\Windows NT\Accessories\mswrd6.wpc
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
%ProgramFiles%\Windows Media Player\wmpns.dll
%ProgramFiles%\Windows Media Player\wmplayer.exe
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
%ProgramFiles%\Windows Media Player\wmpband.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
%WINDIR%\twunk_32.exe
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
C:\Far2\Plugins\ProcList\Proclist.dll
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
%ProgramFiles%\NetMeeting\nmwb.dll

Вредоносные функции:

Для затруднения выявления своего присутствия в системе

удаляет теневые копии разделов.

Изменения в файловой системе:

Создает следующие файлы:

%TEMP%\M15XoD
%HOMEPATH%\My Documents\How Recovery Files.txt
<ANALYSE_DIR>\PET-DUMP\0B4C_pet_cmd.exe
<ANALYSETOOLS_DIR>\XueTr_Cmd\How Recovery Files.txt
<ANALYSE_DIR>\PET-DUMP\How Recovery Files.txt
C:\Far2\Addons\SetUp\How Recovery Files.txt
%HOMEPATH%\My Documents\My Music\How Recovery Files.txt
C:\Far2\Plugins\FileCase\How Recovery Files.txt
%HOMEPATH%\My Documents\My Pictures\How Recovery Files.txt
%HOMEPATH%\Favorites\How Recovery Files.txt
C:\Far2\Plugins\FarCmds\How Recovery Files.txt
%HOMEPATH%\How Recovery Files.txt
<ANALYSE_DIR>\How Recovery Files.txt
C:\Far2\Addons\XLat\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\How Recovery Files.txt
C:\Far2\Plugins\FTP\lib\How Recovery Files.txt
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\How Recovery Files.txt
%WINDIR%\Temp\How Recovery Files.txt
C:\Far2\Addons\Shell\How Recovery Files.txt
%HOMEPATH%\Local Settings\<INETFILES>\How Recovery Files.txt
<ANALYSE_DIR>\PET-DUMP\0B44_pet_vssadmin.exe
%HOMEPATH%\Favorites\Links\How Recovery Files.txt
<LS_APPDATA>\Microsoft\Windows Media\9.0\How Recovery Files.txt
<LS_APPDATA>\VMware\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\How Recovery Files.txt
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\How Recovery Files.txt
%HOMEPATH%\Local Settings\History\History.IE5\MSHist012011111020111111\How Recovery Files.txt
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\How Recovery Files.txt
%HOMEPATH%\Local Settings\How Recovery Files.txt
%TEMP%\How Recovery Files.txt
<APATH_DUMPS_DIR>\How Recovery Files.txt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\How Recovery Files.txt
C:\Far2\Plugins\ExtSearch\sources\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\How Recovery Files.txt
%APPDATA%\Mozilla\Firefox\How Recovery Files.txt
%APPDATA%\How Recovery Files.txt
%HOMEPATH%\Cookies\How Recovery Files.txt
C:\Far2\Plugins\ExtSearch\sources\RegExp\How Recovery Files.txt
<ANALYSE_DIR>\PET-DUMP\0B14_pet_<Имя файла>.exe
C:\Far2\Addons\Macros\How Recovery Files.txt
C:\Far2\Addons\How Recovery Files.txt
C:\Far2\Addons\XLat\Russian\How Recovery Files.txt
%HOMEPATH%\Local Settings\History\History.IE5\How Recovery Files.txt
%HOMEPATH%\Recent\How Recovery Files.txt
C:\Far2\Plugins\HlfViewer\How Recovery Files.txt
%HOMEPATH%\Start Menu\Programs\How Recovery Files.txt
C:\Far2\FExcept\How Recovery Files.txt
C:\Far2\PluginSDK\Headers.pas\How Recovery Files.txt
C:\Far2\Plugins\WinSCP\How Recovery Files.txt
C:\Far2\How Recovery Files.txt
%HOMEPATH%\Templates\How Recovery Files.txt
C:\Muldrop\88744D2A29102FC88ECF505DD2E984FC.npg_0
C:\Muldrop\88744D2A29102FC88ECF505DD2E984FC.npg_1
%WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\How Recovery Files.txt
C:\Muldrop\dmp_0x14c_0x10000
C:\Muldrop\dmp_0x14c_0x30000
C:\Muldrop\dmp_0x198_0x10000
C:\Muldrop\dmp_0x198_0x20000
C:\Muldrop\dmp_0x198_0x30000
C:\Muldrop\dmp_0x1a4_0x10000
C:\Muldrop\dmp_0x1a4_0x20000
C:\Muldrop\dmp_0x1a4_0x30000
C:\Muldrop\dmp_0x1a8_0x10000
C:\Muldrop\dmp_0x14c_0x20000
C:\Far2\PluginSDK\Headers.c\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\How Recovery Files.txt
C:\Far2\Plugins\TmpPanel\How Recovery Files.txt
C:\Far2\Plugins\FTP\How Recovery Files.txt
C:\Far2\Plugins\Network\How Recovery Files.txt
%WINDIR%\twain_32\How Recovery Files.txt
%HOMEPATH%\SendTo\How Recovery Files.txt
C:\Far2\Documentation\eng\How Recovery Files.txt
%ProgramFiles%\Windows Media Player\Skins\How Recovery Files.txt
%HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\How Recovery Files.txt
%HOMEPATH%\Start Menu\How Recovery Files.txt
C:\Far2\Plugins\ProcList\How Recovery Files.txt
%ProgramFiles%\Windows Media Player\How Recovery Files.txt
%HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\How Recovery Files.txt
%ProgramFiles%\Windows NT\Accessories\How Recovery Files.txt
C:\Far2\Documentation\rus\How Recovery Files.txt
C:\Far2\Encyclopedia\How Recovery Files.txt
%ProgramFiles%\Windows NT\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\How Recovery Files.txt
%HOMEPATH%\Start Menu\Programs\Accessories\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\How Recovery Files.txt
%WINDIR%\Web\printers\images\How Recovery Files.txt
C:\Far2\Plugins\MacroView\How Recovery Files.txt
<LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\How Recovery Files.txt
<LS_APPDATA>\Microsoft\Media Player\How Recovery Files.txt
C:\Documents and Settings\NetworkService\Local Settings\How Recovery Files.txt
C:\Far2\Addons\Colors\Default Highlighting\How Recovery Files.txt
C:\Far2\Plugins\Colorer\bin\How Recovery Files.txt
C:\Far2\Plugins\Brackets\How Recovery Files.txt
C:\Far2\Plugins\Colorer\hrc\auto\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00630000.alloc
C:\Documents and Settings\NetworkService\Local Settings\History\How Recovery Files.txt
C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\How Recovery Files.txt
C:\Far2\Plugins\Colorer\hrc\auto\types\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00520000.alloc
C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00930000.alloc
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\How Recovery Files.txt
C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\How Recovery Files.txt
C:\Far2\Plugins\Colorer\hrc\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00990000.alloc
C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\How Recovery Files.txt
C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\How Recovery Files.txt
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\How Recovery Files.txt
%ProgramFiles%\MSN\MSNCoreFiles\Install\How Recovery Files.txt
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\How Recovery Files.txt
%ProgramFiles%\NetMeeting\How Recovery Files.txt
C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\CJCTQ25G\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00330000.alloc
%ProgramFiles%\Online Services\How Recovery Files.txt
C:\Far2\Plugins\AutoWrap\How Recovery Files.txt
<ANALYSETOOLS_DIR>\THP\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00380000.alloc
C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\LBMMC3H3\How Recovery Files.txt
C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00390000.alloc
C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\Content.IE5\MOE00UY1\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x003A0000.alloc
C:\Documents and Settings\LocalService\Local Settings\<INETFILES>\How Recovery Files.txt
%ProgramFiles%\Outlook Express\How Recovery Files.txt
<ANALYSETOOLS_DIR>\THP\www\How Recovery Files.txt
<ANALYSETOOLS_DIR>\STracer\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x003B0000.alloc
C:\Documents and Settings\LocalService\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00450000.alloc
C:\Far2\Plugins\Colorer\hrd\How Recovery Files.txt
C:\Far2\Addons\Colors\How Recovery Files.txt
C:\Far2\Plugins\Colorer\hrd\console\contrib\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00A80000.alloc
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00B60000.alloc
C:\Far2\Plugins\ExtSearch\How Recovery Files.txt
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\How Recovery Files.txt
C:\Far2\Plugins\EMenu\How Recovery Files.txt
C:\Far2\Plugins\EditCase\How Recovery Files.txt
C:\Far2\Plugins\ExtSearch\doc\How Recovery Files.txt
<LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\Cache\How Recovery Files.txt
<LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\startupCache\How Recovery Files.txt
<ANALYSE_DIR>\DWS-DUMP\0B14_dws_<Имя файла>.exe
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\How Recovery Files.txt
<ANALYSE_DIR>\DWS-DUMP\0B44_dws_vssadmin.exe
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\How Recovery Files.txt
<ANALYSE_DIR>\DWS-DUMP\0B4C_dws_cmd.exe
<LS_APPDATA>\How Recovery Files.txt
<ANALYSE_DIR>\DWS-DUMP\How Recovery Files.txt
C:\Far2\Plugins\ExtSearch\keys\How Recovery Files.txt
%HOMEPATH%\Local Settings\History\How Recovery Files.txt
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\How Recovery Files.txt
<LS_APPDATA>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Microsoft\Outlook Express\How Recovery Files.txt
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\How Recovery Files.txt
C:\Far2\Plugins\DrawLine\How Recovery Files.txt
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\bookmarkbackups\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFE0000.alloc
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\How Recovery Files.txt
C:\Documents and Settings\NetworkService\Local Settings\<INETFILES>\How Recovery Files.txt
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\How Recovery Files.txt
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\How Recovery Files.txt
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\How Recovery Files.txt
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\How Recovery Files.txt
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\How Recovery Files.txt
C:\Documents and Settings\NetworkService\How Recovery Files.txt
C:\Far2\Plugins\Colorer\hrd\console\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7F6F0000.alloc
%APPDATA%\Microsoft\Address Book\How Recovery Files.txt
C:\Far2\Plugins\Compare\How Recovery Files.txt
C:\Far2\Plugins\Colorer\How Recovery Files.txt
%APPDATA%\Microsoft\Internet Explorer\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFB0000.alloc
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFD5000.alloc
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFDF000.alloc
%APPDATA%\Microsoft\Media Player\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\How Recovery Files.txt
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00510000.alloc
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\How Recovery Files.txt
<STUBS_DIR>\ashAvSrv\How Recovery Files.txt
<STUBS_DIR>\magent\How Recovery Files.txt
<STUBS_DIR>\lotroclient\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\How Recovery Files.txt
<STUBS_DIR>\MCAGENT\How Recovery Files.txt
<STUBS_DIR>\Mir3Game\How Recovery Files.txt
<STUBS_DIR>\msn6\How Recovery Files.txt
<STUBS_DIR>\mpftray\How Recovery Files.txt
<STUBS_DIR>\miranda32\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\How Recovery Files.txt
<STUBS_DIR>\msnmsgr\How Recovery Files.txt
<STUBS_DIR>\NAVAPW32\How Recovery Files.txt
<STUBS_DIR>\netxray\How Recovery Files.txt
<STUBS_DIR>\nod\How Recovery Files.txt
<STUBS_DIR>\nod32\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\How Recovery Files.txt
<STUBS_DIR>\opera\How Recovery Files.txt
<STUBS_DIR>\pidgin\How Recovery Files.txt
<STUBS_DIR>\outpost\How Recovery Files.txt
%WINDIR%\XXInstall\Scripts\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\How Recovery Files.txt
<STUBS_DIR>\maplestory\How Recovery Files.txt
<STUBS_DIR>\loadmain\How Recovery Files.txt
<STUBS_DIR>\GVOnline\How Recovery Files.txt
<STUBS_DIR>\gw\How Recovery Files.txt
C:\Muldrop\unq4.unq_0
<STUBS_DIR>\httplook\How Recovery Files.txt
<STUBS_DIR>\ICQ\How Recovery Files.txt
<STUBS_DIR>\iexplore\How Recovery Files.txt
<STUBS_DIR>\inbank-start-ff\How Recovery Files.txt
%ProgramFiles%\Windows NT\Pinball\How Recovery Files.txt
C:\Muldrop\How Recovery Files.txt
<STUBS_DIR>\InphaseNXD\How Recovery Files.txt
C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\How Recovery Files.txt
<STUBS_DIR>\intpro\How Recovery Files.txt
<STUBS_DIR>\iscc\How Recovery Files.txt
<STUBS_DIR>\java\How Recovery Files.txt
<STUBS_DIR>\ISClient\How Recovery Files.txt
<STUBS_DIR>\javaw\How Recovery Files.txt
<STUBS_DIR>\lin\How Recovery Files.txt
<STUBS_DIR>\kb_cli\How Recovery Files.txt
<STUBS_DIR>\l2\How Recovery Files.txt
<STUBS_DIR>\oncbcli\How Recovery Files.txt
%WINDIR%\Web\How Recovery Files.txt
<STUBS_DIR>\ntvdm\How Recovery Files.txt
<STUBS_DIR>\putty\How Recovery Files.txt
%WINDIR%\XXInstall\How Recovery Files.txt
<STUBS_DIR>\winbaram\How Recovery Files.txt
<STUBS_DIR>\zlclient\How Recovery Files.txt
<STUBS_DIR>\wow\How Recovery Files.txt
<STUBS_DIR>\wsm\How Recovery Files.txt
<STUBS_DIR>\YahooMessenger\How Recovery Files.txt
<STUBS_DIR>\ybclient\How Recovery Files.txt
<STUBS_DIR>\zapro\How Recovery Files.txt
<STUBS_DIR>\ZZ__cd75efb816b2cc__\How Recovery Files.txt
<STUBS_DIR>\ZONEALARM\How Recovery Files.txt
%WINDIR%\How Recovery Files.txt
C:\How Recovery Files.txt
%APPDATA%\recovery.txt
%TEMP%\tmp6.tmp
%APPDATA%\info.exe
%TEMP%\tmp5.tmp
%TEMP%\tmp4.tmp
%TEMP%\tmp3.tmp
<STUBS_DIR>\__cd75efb816b2cc__\How Recovery Files.txt
<STUBS_DIR>\webmoney\How Recovery Files.txt
<STUBS_DIR>\woool\How Recovery Files.txt
<STUBS_DIR>\TwelveSky2\How Recovery Files.txt
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\How Recovery Files.txt
<STUBS_DIR>\Ragexe\How Recovery Files.txt
<STUBS_DIR>\rclient\How Recovery Files.txt
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\How Recovery Files.txt
<STUBS_DIR>\RagFree\How Recovery Files.txt
<STUBS_DIR>\safari\How Recovery Files.txt
<STUBS_DIR>\skype\How Recovery Files.txt
<STUBS_DIR>\sgbclient\How Recovery Files.txt
<STUBS_DIR>\smc\How Recovery Files.txt
<STUBS_DIR>\so3d\How Recovery Files.txt
<STUBS_DIR>\sro_client\How Recovery Files.txt
<STUBS_DIR>\startclient7\How Recovery Files.txt
<STUBS_DIR>\spidernt\How Recovery Files.txt
<STUBS_DIR>\translink\How Recovery Files.txt
<STUBS_DIR>\tiny\How Recovery Files.txt
<STUBS_DIR>\How Recovery Files.txt
<STUBS_DIR>\trillian\How Recovery Files.txt
<STUBS_DIR>\wclnt\How Recovery Files.txt
<STUBS_DIR>\UniStream\How Recovery Files.txt
<STUBS_DIR>\qip\How Recovery Files.txt
%WINDIR%\Web\Wallpaper\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\How Recovery Files.txt
<STUBS_DIR>\GUARD\How Recovery Files.txt
<STUBS_DIR>\AVGCTRL\How Recovery Files.txt
<STUBS_DIR>\AVP32\How Recovery Files.txt
<STUBS_DIR>\AVP\How Recovery Files.txt
C:\Muldrop\dmp_0xd8_0x10000
<STUBS_DIR>\AVPM\How Recovery Files.txt
<STUBS_DIR>\AVPCC\How Recovery Files.txt
C:\Muldrop\dmp_0xd8_0x20000
<STUBS_DIR>\bankcl\How Recovery Files.txt
<STUBS_DIR>\AVGCC32\How Recovery Files.txt
C:\Muldrop\dmp_0x88_0x30000
%WINDIR%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\How Recovery Files.txt
<STUBS_DIR>\bdagent\How Recovery Files.txt
<STUBS_DIR>\bclient\How Recovery Files.txt
C:\Muldrop\jogp.fyf_0
<STUBS_DIR>\bc_loader\How Recovery Files.txt
<STUBS_DIR>\bdsubmit\How Recovery Files.txt
<STUBS_DIR>\bdss\How Recovery Files.txt
<STUBS_DIR>\bk\How Recovery Files.txt
<STUBS_DIR>\AVSYNMGR\How Recovery Files.txt
C:\Muldrop\dmp_0x1a8_0x30000
C:\Muldrop\dmp_0x88_0x20000
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\How Recovery Files.txt
C:\Muldrop\dmp_0x1b8_0x10000
C:\Muldrop\dmp_0x1b8_0x20000
C:\Muldrop\dmp_0x1b8_0x30000
C:\Muldrop\dmp_0x1bc_0x10000
C:\Muldrop\dmp_0x1bc_0x20000
C:\Muldrop\dmp_0x1bc_0x30000
C:\Muldrop\dmp_0x1c0_0x10000
C:\Muldrop\dmp_0x1c0_0x20000
<STUBS_DIR>\360tray\How Recovery Files.txt
C:\Muldrop\dmp_0x1c0_0x30000
<STUBS_DIR>\aion\How Recovery Files.txt
<STUBS_DIR>\ageofconan\How Recovery Files.txt
C:\Muldrop\dmp_0x88_0x10000
<STUBS_DIR>\ash\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\How Recovery Files.txt
<STUBS_DIR>\ashAvast\How Recovery Files.txt
<STUBS_DIR>\avgcc\How Recovery Files.txt
<STUBS_DIR>\cbank\How Recovery Files.txt
<STUBS_DIR>\BBClient\How Recovery Files.txt
<STUBS_DIR>\cabalmain\How Recovery Files.txt
<STUBS_DIR>\cbmain\How Recovery Files.txt
<STUBS_DIR>\chrome\How Recovery Files.txt
%WINDIR%\Web\printers\How Recovery Files.txt
<STUBS_DIR>\egni\How Recovery Files.txt
<STUBS_DIR>\ekrn\How Recovery Files.txt
C:\Muldrop\npgdpnq.mph_5
<STUBS_DIR>\elbank\How Recovery Files.txt
<STUBS_DIR>\elementclient\How Recovery Files.txt
<STUBS_DIR>\el_cli\How Recovery Files.txt
<STUBS_DIR>\firefox\How Recovery Files.txt
<STUBS_DIR>\fsav\How Recovery Files.txt
C:\Muldrop\Sztufn.emm_0
<STUBS_DIR>\ecmd\How Recovery Files.txt
<STUBS_DIR>\fsav32\How Recovery Files.txt
<STUBS_DIR>\fsavaui\How Recovery Files.txt
<STUBS_DIR>\fsavgui\How Recovery Files.txt
<STUBS_DIR>\gc\How Recovery Files.txt
<STUBS_DIR>\ge\How Recovery Files.txt
<STUBS_DIR>\googletalk\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\How Recovery Files.txt
C:\Muldrop\unq3.unq_0
C:\Muldrop\dmp_0x1a8_0x20000
<STUBS_DIR>\Drwebwcl\How Recovery Files.txt
C:\Muldrop\npgdpnq.mph_3
<STUBS_DIR>\drweb386\How Recovery Files.txt
C:\Muldrop\npgdpnq.mph_4
<STUBS_DIR>\cbsmain\How Recovery Files.txt
<STUBS_DIR>\ccapp\How Recovery Files.txt
<STUBS_DIR>\clbank\How Recovery Files.txt
<STUBS_DIR>\ClamWin\How Recovery Files.txt
C:\Muldrop\M15XpD_0
<STUBS_DIR>\clmain\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\How Recovery Files.txt
<STUBS_DIR>\client7\How Recovery Files.txt
<STUBS_DIR>\clntw32\How Recovery Files.txt
<STUBS_DIR>\contactNG\How Recovery Files.txt
<STUBS_DIR>\dekaron\How Recovery Files.txt
C:\Muldrop\npgdpnq.mph_0
<STUBS_DIR>\dnf\How Recovery Files.txt
<STUBS_DIR>\drweb\How Recovery Files.txt
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\How Recovery Files.txt
C:\Muldrop\npgdpnq.mph_1
<STUBS_DIR>\Drweb32w\How Recovery Files.txt
C:\Muldrop\npgdpnq.mph_2
<STUBS_DIR>\Drwebupw\How Recovery Files.txt
%ProgramFiles%\MSN\MSNCoreFiles\OOBE\How Recovery Files.txt

Удаляет следующие файлы:

%TEMP%\tmp3.tmp
%TEMP%\tmp4.tmp

Перемещает следующие системные файлы:

%WINDIR%\_default.pif в %WINDIR%\_default.pif.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll.rapid
%WINDIR%\Web\bullet.gif в %WINDIR%\Web\bullet.gif.rapid
%WINDIR%\Web\printers\images\ipp_0012.gif в %WINDIR%\Web\printers\images\ipp_0012.gif.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll.rapid
%WINDIR%\vmmreg32.dll в %WINDIR%\vmmreg32.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll.rapid
%WINDIR%\Web\printers\images\ipp_0005.gif в %WINDIR%\Web\printers\images\ipp_0005.gif.rapid
%WINDIR%\twunk_32.exe в %WINDIR%\twunk_32.exe.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll.rapid
%WINDIR%\Web\printers\images\ipp_0004.gif в %WINDIR%\Web\printers\images\ipp_0004.gif.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll.rapid
%WINDIR%\vb.ini в %WINDIR%\vb.ini.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll.rapid
%WINDIR%\updspapi.log в %WINDIR%\updspapi.log.rapid
%WINDIR%\Web\printers\images\ipp_0003.gif в %WINDIR%\Web\printers\images\ipp_0003.gif.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll.rapid
%WINDIR%\vbaddin.ini в %WINDIR%\vbaddin.ini.rapid
%WINDIR%\Web\deskmovr.htt в %WINDIR%\Web\deskmovr.htt.rapid
%WINDIR%\XXInstall\Scripts\apply_theme.vbs в %WINDIR%\XXInstall\Scripts\apply_theme.vbs.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll.rapid
%WINDIR%\Web\printers\ipp_0004.asp в %WINDIR%\Web\printers\ipp_0004.asp.rapid
%WINDIR%\XXInstall\Scripts\bcode-start.vbs в %WINDIR%\XXInstall\Scripts\bcode-start.vbs.rapid
%WINDIR%\Web\printers\ipp_0003.asp в %WINDIR%\Web\printers\ipp_0003.asp.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll.rapid
%WINDIR%\XXInstall\Scripts\bcode-start-stop.vbs в %WINDIR%\XXInstall\Scripts\bcode-start-stop.vbs.rapid
%WINDIR%\Web\printers\ipp_0002.asp в %WINDIR%\Web\printers\ipp_0002.asp.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll.rapid
%WINDIR%\Web\printers\images\ipp_0015.gif в %WINDIR%\Web\printers\images\ipp_0015.gif.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll.rapid
%WINDIR%\Web\printers\ipp_0001.asp в %WINDIR%\Web\printers\ipp_0001.asp.rapid
%WINDIR%\XXInstall\Scripts\antivm.exe в %WINDIR%\XXInstall\Scripts\antivm.exe.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll.rapid
%WINDIR%\Web\printers\ipp_0000.inc в %WINDIR%\Web\printers\ipp_0000.inc.rapid
%WINDIR%\XXInstall\Scripts\antivm.bat в %WINDIR%\XXInstall\Scripts\antivm.bat.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll.rapid
%WINDIR%\Web\exclam.gif в %WINDIR%\Web\exclam.gif.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.42.cat в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.42.cat.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.4148.cat в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.4148.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.4148.policy в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.4148.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.4148.cat в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30\9.0.30729.4148.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.4148.policy в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.4148.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.4148.cat в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace\9.0.30729.4148.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.policy в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.cat в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.4148.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.21022.8.policy в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.21022.8.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.21022.8.cat в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.21022.8.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.762.policy в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.762.policy.rapid
%WINDIR%\Web\printers\images\ipp_0002.gif в %WINDIR%\Web\printers\images\ipp_0002.gif.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.4148.policy в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.4148.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.762.cat в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.762.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.762.cat в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9\8.0.50727.762.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.4148.cat в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501\9.0.30729.4148.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.762.policy в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.762.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.762.cat в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.762.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.policy в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.cat в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.cat.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.42.policy в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.42.policy.rapid
%WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.4148.policy в %WINDIR%\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377\9.0.30729.4148.policy.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll.rapid
%WINDIR%\Temp\Perflib_Perfdata_7e8.dat в %WINDIR%\Temp\Perflib_Perfdata_7e8.dat.rapid
%WINDIR%\twunk_16.exe в %WINDIR%\twunk_16.exe.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll.rapid
%WINDIR%\twain_32.dll в %WINDIR%\twain_32.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll.rapid
%WINDIR%\twain.dll в %WINDIR%\twain.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll.rapid
%WINDIR%\tsoc.log в %WINDIR%\tsoc.log.rapid
%WINDIR%\twain_32\wiatwain.ds в %WINDIR%\twain_32\wiatwain.ds.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll.rapid
%WINDIR%\TASKMAN.EXE в %WINDIR%\TASKMAN.EXE.rapid
%WINDIR%\tabletoc.log в %WINDIR%\tabletoc.log.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll в %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.762.policy в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.762.policy.rapid
%WINDIR%\XXInstall\Scripts\bcode-stop.vbs в %WINDIR%\XXInstall\Scripts\bcode-stop.vbs.rapid
%WINDIR%\Web\printers\ipp_0010.asp в %WINDIR%\Web\printers\ipp_0010.asp.rapid
%WINDIR%\XXInstall\Scripts\smart_assembly_fix.reg в %WINDIR%\XXInstall\Scripts\smart_assembly_fix.reg.rapid
%WINDIR%\wiaservc.log в %WINDIR%\wiaservc.log.rapid
%WINDIR%\wiadebug.log в %WINDIR%\wiadebug.log.rapid
%WINDIR%\XXInstall\Scripts\safely.reg в %WINDIR%\XXInstall\Scripts\safely.reg.rapid
%WINDIR%\XXInstall\hashdeep.exe в %WINDIR%\XXInstall\hashdeep.exe.rapid
%WINDIR%\XXInstall\Scripts\reboot_on_bsod.reg в %WINDIR%\XXInstall\Scripts\reboot_on_bsod.reg.rapid
%WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll в %WINDIR%\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll.rapid
%WINDIR%\XXInstall\Scripts\prefs.js в %WINDIR%\XXInstall\Scripts\prefs.js.rapid
%WINDIR%\Web\tips.gif в %WINDIR%\Web\tips.gif.rapid
%WINDIR%\XXInstall\exdir.exe в %WINDIR%\XXInstall\exdir.exe.rapid
%WINDIR%\Web\printers\prtwebvw.css в %WINDIR%\Web\printers\prtwebvw.css.rapid
%WINDIR%\XXInstall\Scripts\perf.reg в %WINDIR%\XXInstall\Scripts\perf.reg.rapid
%WINDIR%\Web\tip.htm в %WINDIR%\Web\tip.htm.rapid
%WINDIR%\Web\Wallpaper\Wind.jpg в %WINDIR%\Web\Wallpaper\Wind.jpg.rapid
%WINDIR%\Web\safemode.htt в %WINDIR%\Web\safemode.htt.rapid
%WINDIR%\XXInstall\Scripts\not_collect_offline.reg в %WINDIR%\XXInstall\Scripts\not_collect_offline.reg.rapid
%WINDIR%\XXInstall\events.exe в %WINDIR%\XXInstall\events.exe.rapid
%WINDIR%\Web\Wallpaper\Vortec space.jpg в %WINDIR%\Web\Wallpaper\Vortec space.jpg.rapid
%WINDIR%\XXInstall\Scripts\norun.reg в %WINDIR%\XXInstall\Scripts\norun.reg.rapid
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll в %WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll.rapid
%WINDIR%\XXInstall\install.bat в %WINDIR%\XXInstall\install.bat.rapid
%WINDIR%\Web\Wallpaper\Windows XP.jpg в %WINDIR%\Web\Wallpaper\Windows XP.jpg.rapid
%WINDIR%\XXInstall\Scripts\startup_ar.bat в %WINDIR%\XXInstall\Scripts\startup_ar.bat.rapid
%WINDIR%\XXInstall\vminstall.exe в %WINDIR%\XXInstall\vminstall.exe.rapid
%WINDIR%\Zapotec.bmp в %WINDIR%\Zapotec.bmp.rapid
%WINDIR%\WMSysPr9.prx в %WINDIR%\WMSysPr9.prx.rapid
%WINDIR%\wmsetup.log в %WINDIR%\wmsetup.log.rapid
%WINDIR%\winnt256.bmp в %WINDIR%\winnt256.bmp.rapid
%WINDIR%\winnt.bmp в %WINDIR%\winnt.bmp.rapid
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll в %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll.rapid
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll в %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll.rapid
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll в %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll.rapid
%WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll в %WINDIR%\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll.rapid
%WINDIR%\winhlp32.exe в %WINDIR%\winhlp32.exe.rapid
%WINDIR%\XXInstall\install_ar.bat в %WINDIR%\XXInstall\install_ar.bat.rapid
%WINDIR%\XXInstall\screen.exe в %WINDIR%\XXInstall\screen.exe.rapid
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll в %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll.rapid
%WINDIR%\XXInstall\Scripts\WindowsKiller.ini в %WINDIR%\XXInstall\Scripts\WindowsKiller.ini.rapid
%WINDIR%\XXInstall\ps.exe в %WINDIR%\XXInstall\ps.exe.rapid
%WINDIR%\XXInstall\Scripts\taskmgr.reg в %WINDIR%\XXInstall\Scripts\taskmgr.reg.rapid
%WINDIR%\XXInstall\install_small.bat в %WINDIR%\XXInstall\install_small.bat.rapid
%WINDIR%\winhelp.exe в %WINDIR%\winhelp.exe.rapid
%WINDIR%\WindowsUpdate.log в %WINDIR%\WindowsUpdate.log.rapid
%WINDIR%\XXInstall\Scripts\startup_bsod.bat в %WINDIR%\XXInstall\Scripts\startup_bsod.bat.rapid
%WINDIR%\win.ini в %WINDIR%\win.ini.rapid
%WINDIR%\Web\Wallpaper\Purple flower.jpg в %WINDIR%\Web\Wallpaper\Purple flower.jpg.rapid
%WINDIR%\Web\printers\ipp_0005.asp в %WINDIR%\Web\printers\ipp_0005.asp.rapid
%WINDIR%\XXInstall\devcon.exe в %WINDIR%\XXInstall\devcon.exe.rapid
%WINDIR%\XXInstall\Scripts\KernelDump.reg в %WINDIR%\XXInstall\Scripts\KernelDump.reg.rapid
%WINDIR%\Web\Wallpaper\Follow.jpg в %WINDIR%\Web\Wallpaper\Follow.jpg.rapid
%WINDIR%\Web\Wallpaper\Crystal.jpg в %WINDIR%\Web\Wallpaper\Crystal.jpg.rapid
%WINDIR%\Web\printers\ipp_0013.asp в %WINDIR%\Web\printers\ipp_0013.asp.rapid
%WINDIR%\XXInstall\Scripts\ipv6_disable.reg в %WINDIR%\XXInstall\Scripts\ipv6_disable.reg.rapid
%WINDIR%\Web\Wallpaper\Bliss.bmp в %WINDIR%\Web\Wallpaper\Bliss.bmp.rapid
%WINDIR%\Web\Wallpaper\Azul.jpg в %WINDIR%\Web\Wallpaper\Azul.jpg.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll.rapid
%WINDIR%\XXInstall\Scripts\eventmon-startlog.vbs в %WINDIR%\XXInstall\Scripts\eventmon-startlog.vbs.rapid
%WINDIR%\Web\Wallpaper\Autumn.jpg в %WINDIR%\Web\Wallpaper\Autumn.jpg.rapid
%WINDIR%\Web\Wallpaper\Stonehenge.jpg в %WINDIR%\Web\Wallpaper\Stonehenge.jpg.rapid
%WINDIR%\XXInstall\Scripts\eventmon-setup.vbs в %WINDIR%\XXInstall\Scripts\eventmon-setup.vbs.rapid
%WINDIR%\Web\Wallpaper\Ascent.jpg в %WINDIR%\Web\Wallpaper\Ascent.jpg.rapid
%WINDIR%\Web\printers\ipp_0007.asp в %WINDIR%\Web\printers\ipp_0007.asp.rapid
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll в %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll.rapid
%WINDIR%\XXInstall\Scripts\CompleteDump.reg в %WINDIR%\XXInstall\Scripts\CompleteDump.reg.rapid
%WINDIR%\Web\printers\ipp_0006.asp в %WINDIR%\Web\printers\ipp_0006.asp.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll.rapid
%WINDIR%\Web\printers\ipp_0014.asp в %WINDIR%\Web\printers\ipp_0014.asp.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll.rapid
%WINDIR%\XXInstall\Scripts\kill_saves.vbs в %WINDIR%\XXInstall\Scripts\kill_saves.vbs.rapid
%WINDIR%\Web\printers\ipp_res.inc в %WINDIR%\Web\printers\ipp_res.inc.rapid
%WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll в %WINDIR%\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll.rapid
%WINDIR%\XXInstall\Scripts\noballon.reg в %WINDIR%\XXInstall\Scripts\noballon.reg.rapid
%WINDIR%\Web\printers\page1.asp в %WINDIR%\Web\printers\page1.asp.rapid
%WINDIR%\Web\Wallpaper\Ripple.jpg в %WINDIR%\Web\Wallpaper\Ripple.jpg.rapid
%WINDIR%\Web\printers\ipp_util.inc в %WINDIR%\Web\printers\ipp_util.inc.rapid
%WINDIR%\XXInstall\cmdow.exe в %WINDIR%\XXInstall\cmdow.exe.rapid
%WINDIR%\XXInstall\Scripts\ncsi_disable.reg в %WINDIR%\XXInstall\Scripts\ncsi_disable.reg.rapid
%WINDIR%\Web\Wallpaper\Red moon desert.jpg в %WINDIR%\Web\Wallpaper\Red moon desert.jpg.rapid
%WINDIR%\Web\Wallpaper\Radiance.jpg в %WINDIR%\Web\Wallpaper\Radiance.jpg.rapid
%WINDIR%\Web\Wallpaper\Tulips.jpg в %WINDIR%\Web\Wallpaper\Tulips.jpg.rapid
%WINDIR%\Web\Wallpaper\Friend.jpg в %WINDIR%\Web\Wallpaper\Friend.jpg.rapid
%WINDIR%\XXInstall\Scripts\LanDisabler.vbs в %WINDIR%\XXInstall\Scripts\LanDisabler.vbs.rapid
%WINDIR%\Web\Wallpaper\Power.jpg в %WINDIR%\Web\Wallpaper\Power.jpg.rapid
%WINDIR%\Web\printers\ipp_adsi.inc в %WINDIR%\Web\printers\ipp_adsi.inc.rapid
%WINDIR%\Web\Wallpaper\Peace.jpg в %WINDIR%\Web\Wallpaper\Peace.jpg.rapid
%WINDIR%\XXInstall\Scripts\kill_windows.vbs в %WINDIR%\XXInstall\Scripts\kill_windows.vbs.rapid
%WINDIR%\Web\Wallpaper\Moon flower.jpg в %WINDIR%\Web\Wallpaper\Moon flower.jpg.rapid
%WINDIR%\Web\printers\ipp_0015.asp в %WINDIR%\Web\printers\ipp_0015.asp.rapid
%WINDIR%\Web\Wallpaper\Home.jpg в %WINDIR%\Web\Wallpaper\Home.jpg.rapid
%WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll в %WINDIR%\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll.rapid
%WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll в %WINDIR%\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll.rapid
%WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.3053.policy в %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.3053.policy.rapid

Перемещает следующие файлы:

C:\Muldrop\unq4.unq_0 в C:\Muldrop\unq4.unq_0.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\pluginreg.dat в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\pluginreg.dat.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\places.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\places.sqlite.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\permissions.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\permissions.sqlite.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\key3.db в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\key3.db.rapid
<ANALYSE_DIR>\DWS-DUMP\0B4C_dws_cmd.exe в <ANALYSE_DIR>\DWS-DUMP\0B4C_dws_cmd.exe.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\search.json в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\search.json.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\formhistory.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\formhistory.sqlite.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.sqlite.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.rapid
<ANALYSE_DIR>\DWS-DUMP\0B44_dws_vssadmin.exe в <ANALYSE_DIR>\DWS-DUMP\0B44_dws_vssadmin.exe.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.ini в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.ini.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.rapid
<ANALYSE_DIR>\DWS-DUMP\0B14_dws_<Имя файла>.exe в <ANALYSE_DIR>\DWS-DUMP\0B14_dws_<Имя файла>.exe.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\downloads.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\downloads.sqlite.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cookies.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cookies.sqlite.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\content-prefs.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\content-prefs.sqlite.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\compatibility.ini в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\compatibility.ini.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chromeappsstore.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chromeappsstore.sqlite.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.rapid
<APATH_DUMPS_DIR>\0B14_<Имя файла>.exe_0.ndmp в <APATH_DUMPS_DIR>\0B14_<Имя файла>.exe_0.ndmp.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userContent-example.css в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userContent-example.css.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.rapid
<ANALYSE_DIR>\PET-DUMP\0B44_pet_vssadmin.exe в <ANALYSE_DIR>\PET-DUMP\0B44_pet_vssadmin.exe.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.rapid
<ANALYSE_DIR>\PET-DUMP\0B14_pet_<Имя файла>.exe в <ANALYSE_DIR>\PET-DUMP\0B14_pet_<Имя файла>.exe.rapid
%APPDATA%\winscp.rnd в %APPDATA%\winscp.rnd.rapid
%APPDATA%\Mozilla\Firefox\profiles.ini в %APPDATA%\Mozilla\Firefox\profiles.ini.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\webappsstore.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\webappsstore.sqlite.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.js в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.js.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.bak в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\sessionstore.bak.rapid
<APATH_DUMPS_DIR>\0B44_vssadmin.exe_0.ndmp в <APATH_DUMPS_DIR>\0B44_vssadmin.exe_0.ndmp.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.rapid
%TEMP%\M15XoD в %TEMP%\M15XoD.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\secmod.db в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\secmod.db.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.rapid
%TEMP%\nsu2.tmp\System.dll в %TEMP%\nsu2.tmp\System.dll.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\search.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\search.sqlite.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.rapid
<APATH_DUMPS_DIR>\0B4C_cmd.exe_0.ndmp в <APATH_DUMPS_DIR>\0B4C_cmd.exe_0.ndmp.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\signons.sqlite в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\signons.sqlite.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND19.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND19.WAV.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00630000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00630000.alloc.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00520000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00520000.alloc.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00510000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00510000.alloc.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00450000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00450000.alloc.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x003B0000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x003B0000.alloc.rapid
%ProgramFiles%\Outlook Express\wabmig.exe в %ProgramFiles%\Outlook Express\wabmig.exe.rapid
%ProgramFiles%\Outlook Express\wabimp.dll в %ProgramFiles%\Outlook Express\wabimp.dll.rapid
%ProgramFiles%\Outlook Express\wabfind.dll в %ProgramFiles%\Outlook Express\wabfind.dll.rapid
%ProgramFiles%\Outlook Express\wab.exe в %ProgramFiles%\Outlook Express\wab.exe.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x003A0000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x003A0000.alloc.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00930000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00930000.alloc.rapid
%ProgramFiles%\Outlook Express\oeimport.dll в %ProgramFiles%\Outlook Express\oeimport.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00390000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00390000.alloc.rapid
%ProgramFiles%\Outlook Express\msoeres.dll в %ProgramFiles%\Outlook Express\msoeres.dll.rapid
%ProgramFiles%\Outlook Express\msoe.txt в %ProgramFiles%\Outlook Express\msoe.txt.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00380000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00380000.alloc.rapid
%ProgramFiles%\Outlook Express\msoe.dll в %ProgramFiles%\Outlook Express\msoe.dll.rapid
%ProgramFiles%\Outlook Express\msimn.exe в %ProgramFiles%\Outlook Express\msimn.exe.rapid
%ProgramFiles%\Online Services\Use MSN Explorer to sign up for Internet Access (US only).lnk в %ProgramFiles%\Online Services\Use MSN Explorer to sign up for Internet Access (US only).lnk.rapid
%ProgramFiles%\Online Services\Refer me to more Internet Service Providers.lnk в %ProgramFiles%\Online Services\Refer me to more Internet Service Providers.lnk.rapid
%ProgramFiles%\NetMeeting\wb32.exe в %ProgramFiles%\NetMeeting\wb32.exe.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00330000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00330000.alloc.rapid
%ProgramFiles%\MSN\MSNCoreFiles\Install\xfp.xml в %ProgramFiles%\MSN\MSNCoreFiles\Install\xfp.xml.rapid
%ProgramFiles%\NetMeeting\TestSnd.wav в %ProgramFiles%\NetMeeting\TestSnd.wav.rapid
%ProgramFiles%\Outlook Express\oemiglib.dll в %ProgramFiles%\Outlook Express\oemiglib.dll.rapid
%ProgramFiles%\Outlook Express\setup50.exe в %ProgramFiles%\Outlook Express\setup50.exe.rapid
<ANALYSE_DIR>\PET-DUMP\0B4C_pet_cmd.exe в <ANALYSE_DIR>\PET-DUMP\0B4C_pet_cmd.exe.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.rapid
%APPDATA%\Microsoft\Address Book\%USERNAME%.wab~ в %APPDATA%\Microsoft\Address Book\%USERNAME%.wab~.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\bookmarkbackups\bookmarks-2011-11-10.json в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\bookmarkbackups\bookmarks-2011-11-10.json.rapid
%APPDATA%\Microsoft\Media Player\0007F0B7.wpl в %APPDATA%\Microsoft\Media Player\0007F0B7.wpl.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFE0000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFE0000.alloc.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFDF000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFDF000.alloc.rapid
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk в %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk.rapid
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf в %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf.rapid
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk в %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFD5000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFD5000.alloc.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.rapid
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\desktop.ini в %APPDATA%\Microsoft\Internet Explorer\Quick Launch\desktop.ini.rapid
%APPDATA%\Microsoft\Internet Explorer\Desktop.htt в %APPDATA%\Microsoft\Internet Explorer\Desktop.htt.rapid
%APPDATA%\Microsoft\Internet Explorer\brndlog.txt в %APPDATA%\Microsoft\Internet Explorer\brndlog.txt.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00990000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00990000.alloc.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userChrome-example.css в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\chrome\userChrome-example.css.rapid
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cert8.db в %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\cert8.db.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.rapid
%APPDATA%\Microsoft\Address Book\%USERNAME%.wab в %APPDATA%\Microsoft\Address Book\%USERNAME%.wab.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.rapid
%APPDATA%\desktop.ini в %APPDATA%\desktop.ini.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7F6F0000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7F6F0000.alloc.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00B60000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00B60000.alloc.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00A80000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x00A80000.alloc.rapid
<ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFB0000.alloc в <ANALYSE_DIR>\ALLOC\dmp_0x0B14_0x7FFB0000.alloc.rapid
%APPDATA%\Microsoft\Internet Explorer\brndlog.bak в %APPDATA%\Microsoft\Internet Explorer\brndlog.bak.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND528.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND528.WAV.rapid
C:\Muldrop\dmp_0x1bc_0x30000 в C:\Muldrop\dmp_0x1bc_0x30000.rapid
C:\Muldrop\dmp_0x1bc_0x20000 в C:\Muldrop\dmp_0x1bc_0x20000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND50.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND50.WAV.rapid
C:\Muldrop\dmp_0x1bc_0x10000 в C:\Muldrop\dmp_0x1bc_0x10000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND5.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND5.WAV.rapid
C:\Muldrop\dmp_0x1b8_0x30000 в C:\Muldrop\dmp_0x1b8_0x30000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND49D.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND49D.WAV.rapid
C:\Muldrop\dmp_0x1b8_0x20000 в C:\Muldrop\dmp_0x1b8_0x20000.rapid
C:\Muldrop\dmp_0x1b8_0x10000 в C:\Muldrop\dmp_0x1b8_0x10000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND49.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND49.WAV.rapid
C:\Muldrop\dmp_0x1a8_0x30000 в C:\Muldrop\dmp_0x1a8_0x30000.rapid
C:\Muldrop\dmp_0x1c0_0x20000 в C:\Muldrop\dmp_0x1c0_0x20000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND7.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND7.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND53.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND53.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND45.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND45.WAV.rapid
C:\Muldrop\dmp_0x1a4_0x30000 в C:\Muldrop\dmp_0x1a4_0x30000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND42.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND42.WAV.rapid
C:\Muldrop\dmp_0x1a4_0x20000 в C:\Muldrop\dmp_0x1a4_0x20000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND4.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND4.WAV.rapid
C:\Muldrop\dmp_0x1a4_0x10000 в C:\Muldrop\dmp_0x1a4_0x10000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND39.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND39.WAV.rapid
C:\Muldrop\dmp_0x198_0x30000 в C:\Muldrop\dmp_0x198_0x30000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND38.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND38.WAV.rapid
C:\Muldrop\dmp_0x198_0x20000 в C:\Muldrop\dmp_0x198_0x20000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND36.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND36.WAV.rapid
C:\Muldrop\dmp_0x198_0x10000 в C:\Muldrop\dmp_0x198_0x10000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND35.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND35.WAV.rapid
C:\Muldrop\dmp_0x1a8_0x20000 в C:\Muldrop\dmp_0x1a8_0x20000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND43.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND43.WAV.rapid
C:\Muldrop\dmp_0x1a8_0x10000 в C:\Muldrop\dmp_0x1a8_0x10000.rapid
%ProgramFiles%\NetMeeting\rrcm.dll в %ProgramFiles%\NetMeeting\rrcm.dll.rapid
C:\Muldrop\dmp_0x14c_0x30000 в C:\Muldrop\dmp_0x14c_0x30000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND55.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND55.WAV.rapid
C:\Muldrop\Sztufn.emm_0 в C:\Muldrop\Sztufn.emm_0.rapid
C:\Muldrop\npgdpnq.mph_5 в C:\Muldrop\npgdpnq.mph_5.rapid
C:\Muldrop\npgdpnq.mph_4 в C:\Muldrop\npgdpnq.mph_4.rapid
%ProgramFiles%\Windows NT\Pinball\table.bmp в %ProgramFiles%\Windows NT\Pinball\table.bmp.rapid
C:\Muldrop\npgdpnq.mph_3 в C:\Muldrop\npgdpnq.mph_3.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND999.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND999.WAV.rapid
C:\Muldrop\npgdpnq.mph_2 в C:\Muldrop\npgdpnq.mph_2.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND9.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND9.WAV.rapid
C:\Muldrop\npgdpnq.mph_1 в C:\Muldrop\npgdpnq.mph_1.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND827.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND827.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND8.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND8.WAV.rapid
C:\Muldrop\npgdpnq.mph_0 в C:\Muldrop\npgdpnq.mph_0.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND735.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND735.WAV.rapid
C:\Muldrop\dmp_0x1c0_0x30000 в C:\Muldrop\dmp_0x1c0_0x30000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND54.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND54.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND713.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND713.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND68.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND68.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND65.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND65.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND6.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND6.WAV.rapid
C:\Muldrop\jogp.fyf_0 в C:\Muldrop\jogp.fyf_0.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND58.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND58.WAV.rapid
C:\Muldrop\dmp_0xd8_0x20000 в C:\Muldrop\dmp_0xd8_0x20000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND57.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND57.WAV.rapid
C:\Muldrop\dmp_0xd8_0x10000 в C:\Muldrop\dmp_0xd8_0x10000.rapid
C:\Muldrop\dmp_0x88_0x30000 в C:\Muldrop\dmp_0x88_0x30000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND563.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND563.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND560.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND560.WAV.rapid
C:\Muldrop\dmp_0x88_0x20000 в C:\Muldrop\dmp_0x88_0x20000.rapid
C:\Muldrop\dmp_0x88_0x10000 в C:\Muldrop\dmp_0x88_0x10000.rapid
C:\Muldrop\unq3.unq_0 в C:\Muldrop\unq3.unq_0.rapid
C:\Muldrop\M15XpD_0 в C:\Muldrop\M15XpD_0.rapid
%ProgramFiles%\Outlook Express\oemig50.exe в %ProgramFiles%\Outlook Express\oemig50.exe.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND34.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND34.WAV.rapid
C:\Muldrop\dmp_0x14c_0x10000 в C:\Muldrop\dmp_0x14c_0x10000.rapid
%ProgramFiles%\Windows NT\Pinball\FONT.DAT в %ProgramFiles%\Windows NT\Pinball\FONT.DAT.rapid
%ProgramFiles%\Windows NT\hypertrm.exe в %ProgramFiles%\Windows NT\hypertrm.exe.rapid
%ProgramFiles%\Windows NT\htrn_jis.dll в %ProgramFiles%\Windows NT\htrn_jis.dll.rapid
%ProgramFiles%\Windows NT\dialer.exe в %ProgramFiles%\Windows NT\dialer.exe.rapid
%ProgramFiles%\Windows NT\Accessories\write.wpc в %ProgramFiles%\Windows NT\Accessories\write.wpc.rapid
%ProgramFiles%\Windows NT\Accessories\wordpad.exe в %ProgramFiles%\Windows NT\Accessories\wordpad.exe.rapid
%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc в %ProgramFiles%\Windows NT\Accessories\mswrd8.wpc.rapid
%ProgramFiles%\Windows NT\Accessories\mswrd6.wpc в %ProgramFiles%\Windows NT\Accessories\mswrd6.wpc.rapid
%ProgramFiles%\Windows Media Player\wmpns.dll в %ProgramFiles%\Windows Media Player\wmpns.dll.rapid
%ProgramFiles%\Windows Media Player\wmplayer.exe в %ProgramFiles%\Windows Media Player\wmplayer.exe.rapid
%ProgramFiles%\Windows Media Player\wmpband.dll в %ProgramFiles%\Windows Media Player\wmpband.dll.rapid
%ProgramFiles%\Windows Media Player\Skins\Revert.wmz в %ProgramFiles%\Windows Media Player\Skins\Revert.wmz.rapid
%ProgramFiles%\Windows Media Player\Skins\compact.wmz в %ProgramFiles%\Windows Media Player\Skins\compact.wmz.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND30.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND30.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\PINBALL.DAT в %ProgramFiles%\Windows NT\Pinball\PINBALL.DAT.rapid
%ProgramFiles%\Windows NT\Pinball\PINBALL.EXE в %ProgramFiles%\Windows NT\Pinball\PINBALL.EXE.rapid
%ProgramFiles%\Windows Media Player\npdrmv2.dll в %ProgramFiles%\Windows Media Player\npdrmv2.dll.rapid
%ProgramFiles%\Windows Media Player\mpvis.dll в %ProgramFiles%\Windows Media Player\mpvis.dll.rapid
%ProgramFiles%\Windows Media Player\mplayer2.exe в %ProgramFiles%\Windows Media Player\mplayer2.exe.rapid
%ProgramFiles%\Windows Media Player\migrate.exe в %ProgramFiles%\Windows Media Player\migrate.exe.rapid
%ProgramFiles%\Windows Media Player\custsat.dll в %ProgramFiles%\Windows Media Player\custsat.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.rapid
%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll в %ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.rapid
%ProgramFiles%\Windows Media Player\setup_wm.exe в %ProgramFiles%\Windows Media Player\setup_wm.exe.rapid
%ProgramFiles%\Windows Media Player\npdsplay.dll в %ProgramFiles%\Windows Media Player\npdsplay.dll.rapid
C:\Muldrop\dmp_0x14c_0x20000 в C:\Muldrop\dmp_0x14c_0x20000.rapid
%ProgramFiles%\Windows Media Player\npwmsdrm.dll в %ProgramFiles%\Windows Media Player\npwmsdrm.dll.rapid
C:\Muldrop\dmp_0x1c0_0x10000 в C:\Muldrop\dmp_0x1c0_0x10000.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND3.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND3.WAV.rapid
C:\Muldrop\88744D2A29102FC88ECF505DD2E984FC.npg_1 в C:\Muldrop\88744D2A29102FC88ECF505DD2E984FC.npg_1.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND29.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND29.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND28.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND28.WAV.rapid
C:\Muldrop\88744D2A29102FC88ECF505DD2E984FC.npg_0 в C:\Muldrop\88744D2A29102FC88ECF505DD2E984FC.npg_0.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND27.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND27.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND26.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND26.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND25.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND25.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND243.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND243.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND240.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND240.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND24.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND24.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND22.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND22.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND21.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND21.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND1.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND1.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\PINBALL.MID в %ProgramFiles%\Windows NT\Pinball\PINBALL.MID.rapid
%ProgramFiles%\Windows NT\Pinball\PINBALL2.MID в %ProgramFiles%\Windows NT\Pinball\PINBALL2.MID.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND18.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND18.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND17.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND17.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND16.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND16.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND14.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND14.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND136.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND136.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND131.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND131.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND13.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND13.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND12.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND12.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND112.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND112.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND111.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND111.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND108.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND108.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND105.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND105.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND104.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND104.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND20.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND20.WAV.rapid
%ProgramFiles%\Windows NT\Pinball\SOUND181.WAV в %ProgramFiles%\Windows NT\Pinball\SOUND181.WAV.rapid
%ProgramFiles%\MSN\MSNCoreFiles\OOBE\signup.mar в %ProgramFiles%\MSN\MSNCoreFiles\OOBE\signup.mar.rapid

Изменяет множество файлов пользовательских данных (Trojan.Encoder).

Изменяет расширения файлов пользовательских данных (Trojan.Encoder).

Другое:

Создает и запускает на исполнение:

'<Полный путь к файлу>'

Запускает на исполнение:

'<SYSTEM32>\cmd.exe' /c vssadmin.exe Delete Shadows /All /Quiet
'<SYSTEM32>\cmd.exe' /c bcdedit.exe /set {default} recoveryenabled No
'<SYSTEM32>\cmd.exe' /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
'<SYSTEM32>\cmd.exe' /c wbadmin DELETE SYSTEMSTATEBACKUP
'<SYSTEM32>\cmd.exe' /c wmic SHADOWCOPY DELETE
'<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /TN Encrypter /TR %APPDATA%\info.exe
'<SYSTEM32>\schtasks.exe' /Create /SC ONLOGON /TN EncrypterSt /TR %APPDATA%\info.exe

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней