Техническая информация
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-CA\Wallpaper\CA-wp6.jpg"
- '%TEMP%\svchost.exe' /pid=0xf20 /log
- '%TEMP%\svchost.exe' /pid=0x7dc /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-AU\Wallpaper\AU-wp1.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-AU\Wallpaper\AU-wp5.jpg"
- '%TEMP%\svchost.exe' /pid=0x644 /log
- '%TEMP%\svchost.exe' /pid=0x494 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-US\Wallpaper\US-wp1.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-GB\Wallpaper\GB-wp4.jpg"
- '%TEMP%\svchost.exe' /pid=0x4d0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\ehome\CreateDisc\Styles\PAL\Symphony\Symphony\Symphony.psd"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg"
- '%TEMP%\svchost.exe' /pid=0xf74 /log
- '%TEMP%\svchost.exe' /pid=0xe5c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif"
- '%TEMP%\svchost.exe' /pid=0xf24 /log
- '%TEMP%\svchost.exe' /pid=0xf98 /log
- '%TEMP%\svchost.exe' /pid=0xd64 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Pictures\Sample Pictures\Koala.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg"
- '%TEMP%\svchost.exe' /pid=0xfcc /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif"
- '%TEMP%\svchost.exe' /pid=0xf70 /log
- '%TEMP%\svchost.exe' /pid=0xf18 /log
- '%TEMP%\svchost.exe' /pid=0xf4c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif"
- '%TEMP%\svchost.exe' /pid=0xcc0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif"
- '%TEMP%\svchost.exe' /pid=0xcb4 /log
- '%TEMP%\svchost.exe' /pid=0xf04 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp4.jpg"
- '%TEMP%\svchost.exe' /pid=0xd38 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp3.jpg"
- '%TEMP%\svchost.exe' /pid=0xe2c /log
- '%TEMP%\svchost.exe' /pid=0xd40 /log
- '%TEMP%\svchost.exe' /pid=0xe24 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg"
- '%TEMP%\svchost.exe' /pid=0xda4 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp5.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ApplicationConfigurationPage.cs"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Tiki.gif"
- '%TEMP%\svchost.exe' /pid=0xf10 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp"
- '%TEMP%\svchost.exe' /pid=0xf34 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp"
- '%TEMP%\svchost.exe' /pid=0xf00 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp"
- '%TEMP%\svchost.exe' /pid=0x738 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp"
- '%TEMP%\svchost.exe' /pid=0xe9c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Small_News.jpg"
- '%TEMP%\svchost.exe' /pid=0xf60 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Peacock.jpg"
- '%TEMP%\svchost.exe' /pid=0xc88 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Stucco.gif"
- '%TEMP%\svchost.exe' /pid=0xd00 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Connectivity.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\SoftBlue.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp"
- '%TEMP%\svchost.exe' /pid=0xba0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Monet.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Notebook.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg"
- '%TEMP%\svchost.exe' /pid=0xe68 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1033\eula.rtf"
- '%TEMP%\svchost.exe' /pid=0xd30 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1032\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1031\eula.rtf"
- '%TEMP%\svchost.exe' /pid=0xfdc /log
- '%TEMP%\svchost.exe' /pid=0xcf0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1043\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1038\eula.rtf"
- '%TEMP%\svchost.exe' /pid=0xe20 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1037\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1030\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif"
- '%TEMP%\svchost.exe' /pid=0xf44 /log
- '%TEMP%\svchost.exe' /pid=0xec0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif"
- '%TEMP%\svchost.exe' /pid=0xe50 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1029\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1025\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\SplashScreen.bmp"
- '%TEMP%\svchost.exe' /pid=0xffc /log
- '%TEMP%\svchost.exe' /pid=0xf30 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1045\eula.rtf"
- '%TEMP%\svchost.exe' /pid=0xe64 /log
- '%TEMP%\svchost.exe' /pid=0x3d0 /log
- '%TEMP%\svchost.exe' /pid=0x368 /log
- '%TEMP%\svchost.exe' /pid=0xfc0 /log
- '%TEMP%\svchost.exe' /pid=0xc90 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\2052\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1046\eula.rtf"
- '%TEMP%\svchost.exe' /pid=0xce4 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1036\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1049\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\2070\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1046\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1044\eula.rtf"
- '%TEMP%\svchost.exe' /pid=0xed8 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1032\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1033\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1028\eula.rtf"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\header.bmp"
- '%TEMP%\svchost.exe' /pid=0xb0c /log
- '%TEMP%\svchost.exe' /pid=0xdc8 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif"
- '%TEMP%\svchost.exe' /pid=0xcb0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif"
- '%TEMP%\svchost.exe' /pid=0xd2c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif"
- '%TEMP%\svchost.exe' /pid=0xd20 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif"
- '%TEMP%\svchost.exe' /pid=0xdcc /log
- '%TEMP%\svchost.exe' /pid=0xe6c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Code\SecurityPage.cs"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif"
- '%TEMP%\svchost.exe' /pid=0xde0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\WizardPage.cs"
- '%TEMP%\svchost.exe' /pid=0xf58 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\WebAdminPage.cs"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif"
- '%TEMP%\svchost.exe' /pid=0xd48 /log
- '%TEMP%\svchost.exe' /pid=0xd7c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\PasswordValueTextBox.cs"
- '%TEMP%\svchost.exe' /pid=0xe0c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif"
- '%TEMP%\svchost.exe' /pid=0xd50 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif"
- '%TEMP%\svchost.exe' /pid=0xb78 /log
- '%TEMP%\svchost.exe' /pid=0xf3c /log
- '%TEMP%\svchost.exe' /pid=0xee0 /log
- '%TEMP%\svchost.exe' /pid=0x6f0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Minimize.gif"
- '%TEMP%\svchost.exe' /pid=0xe18 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Close.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-dis.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-hov.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\scrollbar\slider.gif"
- '%TEMP%\svchost.exe' /pid=0xbe0 /log
- '%TEMP%\svchost.exe' /pid=0xe3c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check-dis.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit.gif"
- '%TEMP%\svchost.exe' /pid=0xf78 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp-end.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-dis.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-hov.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp-end.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-hov.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-dis.gif"
- '%TEMP%\svchost.exe' /pid=0xcd0 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-hov.gif"
- '%TEMP%\svchost.exe' /pid=0xce0 /log
- '%TEMP%\svchost.exe' /pid=0x448 /log
- '%TEMP%\svchost.exe' /pid=0xd34 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-dis.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-hov.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp-end.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp.gif"
- '%TEMP%\svchost.exe' /pid=0xff8 /log
- '%TEMP%\svchost.exe' /pid=0xf38 /log
- '%TEMP%\svchost.exe' /pid=0xf80 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-left.gif"
- '%TEMP%\svchost.exe' /pid=0xefc /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-bottom.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-hov.gif"
- '%TEMP%\svchost.exe' /pid=0xfd0 /log
- '%TEMP%\svchost.exe' /pid=0xfac /log
- '%TEMP%\svchost.exe' /pid=0xf8c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-dis.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\ShadesOfBlue.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Small_News.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Sand_Paper.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Psychedelic.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Roses.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\White_Chocolate.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Cave_Drawings.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Tanspecks.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\SoftBlue.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Stars.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Pretty_Peacock.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\GreenBubbles.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\HandPrints.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Garden.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Bears.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Blue_Gradient.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Peacock.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Pine_Lumber.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\OrangeCircles.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Monet.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Notebook.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-hov.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-sharp.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\res\arrowd.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\res\arrow.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Wrinkled_Paper.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Services\verisign.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Tiki.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Connectivity.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%CommonProgramFiles%\Microsoft Shared\Stationery\Stucco.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-sharp.gif"
- '%TEMP%\svchost.exe' /pid=0xee4 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\user.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\guest.bmp"
- '%TEMP%\svchost.exe' /pid=0xe88 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp"
- '%TEMP%\svchost.exe' /pid=0xf54 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp"
- '%TEMP%\svchost.exe' /pid=0x124 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\microsoft shared\Stationery\SoftBlue.jpg"
- '%TEMP%\svchost.exe' /pid=0xdac /log
- '%TEMP%\svchost.exe' /pid=0xcd4 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\microsoft shared\Stationery\Roses.jpg"
- '%TEMP%\svchost.exe' /pid=0xfec /log
- '%TEMP%\svchost.exe' /pid=0xe40 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Windows Media Player\Media Renderer\DMR_48.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\microsoft shared\Stationery\Stars.jpg"
- '%TEMP%\svchost.exe' /pid=0xdd4 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp"
- '%TEMP%\svchost.exe' /pid=0xf94 /log
- '%TEMP%\svchost.exe' /pid=0xca8 /log
- '%TEMP%\svchost.exe' /pid=0xf28 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp"
- '%TEMP%\svchost.exe' /pid=0xd14 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp"
- '%TEMP%\svchost.exe' /pid=0x388 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\microsoft shared\Stationery\Peacock.jpg"
- '%TEMP%\svchost.exe' /pid=0xd68 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\toolbar\chevron.gif"
- '%TEMP%\svchost.exe' /pid=0xccc /log
- '%TEMP%\svchost.exe' /pid=0xaa4 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-right.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-row-after-hover.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-row-after.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-row-after-active.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-column-before-active.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-column-before-hover.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-left.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\icons\Restore.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check-dis.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\icons\Minimize.gif"
- '%TEMP%\svchost.exe' /pid=0xea8 /log
- '%TEMP%\svchost.exe' /pid=0xe54 /log
- '%TEMP%\svchost.exe' /pid=0x464 /log
- '%TEMP%\svchost.exe' /pid=0x310 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\scrollbar\slider.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check.gif"
- '%TEMP%\svchost.exe' /pid=0xc9c /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_color32.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_color48.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_color120.jpg"
- '%TEMP%\svchost.exe' /pid=0xd5c /log
- '%TEMP%\svchost.exe' /pid=0xd54 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg"
- '%TEMP%\svchost.exe' /pid=0xfa8 /log
- '%TEMP%\svchost.exe' /pid=0xfbc /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_bw32.bmp"
- '%TEMP%\svchost.exe' /pid=0xf48 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-remove-column-hover.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-row-before.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-row-before-active.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-row-before-hover.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Media Renderer\DMR_48.jpg"
- '%TEMP%\svchost.exe' /pid=0xd24 /log
- '%TEMP%\svchost.exe' /pid=0xc84 /log
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-remove-column.gif"
- '%TEMP%\svchost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-remove-row-active.gif"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ProvidersPage.cs"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\SecurityPage.cs"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\NavigationBar.cs"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\PasswordValueTextBox.cs"
- '<SYSTEM32>\conhost.exe' /pid=0xeb4 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe6c /log
- '<SYSTEM32>\conhost.exe' /pid=0xde0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Code\WizardPage.cs"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-GB\Wallpaper\GB-wp3.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xf90 /log
- '<SYSTEM32>\conhost.exe' /pid=0xed4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-GB\Wallpaper\GB-wp2.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-ZA\Wallpaper\ZA-wp2.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xda0 /log
- '<SYSTEM32>\conhost.exe' /pid=0xf94 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-US\Wallpaper\US-wp5.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Code\NavigationBar.cs"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Code\ProvidersPage.cs"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Code\ApplicationConfigurationPage.cs"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xc88 /log
- '<SYSTEM32>\conhost.exe' /pid=0xf08 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif"
- '%WINDIR%\SysWOW64\chcp.com' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif"
- '%WINDIR%\SysWOW64\attrib.exe' /pid=0xcf0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xec4 /log
- '<SYSTEM32>\conhost.exe' /pid=0xd20 /log
- '<SYSTEM32>\conhost.exe' /pid=0xdcc /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Roses.jpg"
- '%WINDIR%\SysWOW64\chcp.com' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xe20 /log
- '<SYSTEM32>\conhost.exe' /pid=0xbc8 /log
- '%WINDIR%\SysWOW64\attrib.exe' /pid=0xd24 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Stars.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xee8 /log
- '<SYSTEM32>\conhost.exe' /pid=0xf4c /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Bears.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xe84 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Psychedelic.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0x278 /log
- '<SYSTEM32>\conhost.exe' /pid=0xff0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg"
- '%WINDIR%\SysWOW64\attrib.exe' /pid=0xf68 /log
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-AU\Wallpaper\AU-wp4.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xfe0 /log
- '<SYSTEM32>\conhost.exe' /pid=0xdb0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-GB\Wallpaper\GB-wp1.jpg"
- '%WINDIR%\SysWOW64\attrib.exe' /pid=0x3d0 /log
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Globalization\MCT\MCT-AU\Wallpaper\AU-wp6.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xe3c /log
- '<SYSTEM32>\DllHost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<LS_APPDATA>\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xe0c /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xf14 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\Public\Pictures\Sample Pictures\Desert.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1029\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xd58 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1025\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xcc0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1035\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xba0 /log
- '%WINDIR%\SysWOW64\chcp.com' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1030\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xcd4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1042\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1055\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xdb8 /log
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1041\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xfe4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\SplashScreen.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xf7c /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\3082\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\2070\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\3082\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xef0 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe7c /log
- '<SYSTEM32>\conhost.exe' /pid=0xc98 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "<SYSTEM32>\license.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xf98 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\security\database\tmp.edb"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1041\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1042\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1037\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1038\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1044\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1049\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xe04 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1043\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\SecurityPage.cs"
- '<SYSTEM32>\conhost.exe' /pid=0xf64 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Code\ApplicationConfigurationPage.cs"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xfc8 /log
- '%WINDIR%\SysWOW64\chcp.com' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xc94 /log
- '<SYSTEM32>\conhost.exe' /pid=0x368 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xe1c /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif"
- '<SYSTEM32>\conhost.exe' /pid=0x388 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1028\eula.rtf"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xc9c /log
- '<SYSTEM32>\conhost.exe' /pid=0x4f8 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1035\eula.rtf"
- '<SYSTEM32>\conhost.exe' /pid=0xca0 /log
- '%WINDIR%\SysWOW64\chcp.com' /pid=0xccc /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xcac /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif"
- '<SYSTEM32>\conhost.exe' /pid=0x4b4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xd00 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\checkbox\cbox-check.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xef8 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe8c /log
- '<SYSTEM32>\DllHost.exe' /pid=0xe6c /log
- '<SYSTEM32>\conhost.exe' /pid=0xf6c /log
- '<SYSTEM32>\conhost.exe' /pid=0xf88 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\console\console-error-caret.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xf1c /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-dis.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-dash.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-top.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xdbc /log
- '<SYSTEM32>\conhost.exe' /pid=0xde4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp-end.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xcfc /log
- '<SYSTEM32>\conhost.exe' /pid=0xe98 /log
- '<SYSTEM32>\conhost.exe' /pid=0xdd8 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-column-after.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xefc /log
- '<SYSTEM32>\conhost.exe' /pid=0xf00 /log
- '<SYSTEM32>\conhost.exe' /pid=0xbe0 /log
- '<SYSTEM32>\DllHost.exe' /pid=0xec0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-bottom.gif"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-top.gif"
- '<SYSTEM32>\conhost.exe' /pid=0x598 /log
- '<SYSTEM32>\conhost.exe' /pid=0xfd4 /log
- '<SYSTEM32>\conhost.exe' /pid=0xddc /log
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-column-after-hover.gif"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\global\tree\columnpicker.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-add-column-after-active.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xd38 /log
- '<SYSTEM32>\conhost.exe' /pid=0xd5c /log
- '%WINDIR%\SysWOW64\attrib.exe' +r +h "%APPDATA%\Roaming\gnupg"
- '<SYSTEM32>\DllHost.exe' /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
- '<SYSTEM32>\conhost.exe' /pid=0xedc /log
- '<SYSTEM32>\conhost.exe' /pid=0xf04 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe18 /log
- '<SYSTEM32>\conhost.exe' /pid=0xeb8 /log
- '%WINDIR%\SysWOW64\attrib.exe' -s -h -r "%APPDATA%\Roaming\gnupg\*.*"
- '%WINDIR%\SysWOW64\attrib.exe' -s -h -r "%APPDATA%\Roaming\gnupg"
- '%WINDIR%\SysWOW64\cmd.exe' /c ""%TEMP%\csrss.bat" "
- '%WINDIR%\SysWOW64\chcp.com' 1251
- '%WINDIR%\SysWOW64\attrib.exe' +r +h "%APPDATA%\Roaming\gnupg\random_seed"
- '%WINDIR%\SysWOW64\attrib.exe' +r +h "%APPDATA%\Roaming\gnupg\trustdb.gpg"
- '%WINDIR%\SysWOW64\attrib.exe' +r +h "%APPDATA%\Roaming\gnupg\pubring.bak"
- '%WINDIR%\SysWOW64\attrib.exe' +r +h "%APPDATA%\Roaming\gnupg\pubring.gpg"
- '<SYSTEM32>\conhost.exe' /pid=0xf48 /log
- '<SYSTEM32>\conhost.exe' /pid=0xfa0 /log
- '<SYSTEM32>\conhost.exe' /pid=0xed0 /log
- '<SYSTEM32>\conhost.exe' /pid=0xf2c /log
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up.gif"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-caret.gif"
- '<SYSTEM32>\conhost.exe' /pid=0x6dc /log
- '%WINDIR%\SysWOW64\chcp.com' /pid=0xd50 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xfa8 /log
- '<SYSTEM32>\conhost.exe' /pid=0x434 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe38 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe80 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xecc /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xdf8 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\Windows NT\MSScan\WelcomeScan.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xcbc /log
- '<SYSTEM32>\conhost.exe' /pid=0xfb4 /log
- '<SYSTEM32>\conhost.exe' /pid=0xf78 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xd7c /log
- '<SYSTEM32>\conhost.exe' /pid=0xfcc /log
- '<SYSTEM32>\conhost.exe' /pid=0x644 /log
- '<SYSTEM32>\conhost.exe' /pid=0xd74 /log
- '<SYSTEM32>\conhost.exe' /pid=0xdc8 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xd4c /log
- '<SYSTEM32>\conhost.exe' /pid=0xd60 /log
- '<SYSTEM32>\conhost.exe' /pid=0x3d0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xd9c /log
- '<SYSTEM32>\conhost.exe' /pid=0xdd4 /log
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\user.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xd24 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "C:\Users\All Users\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xd94 /log
- '<SYSTEM32>\conhost.exe' /pid=0x224 /log
- '<SYSTEM32>\conhost.exe' /pid=0xda4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_bw48.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_bw120.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_bw32.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xed8 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe2c /log
- '<SYSTEM32>\conhost.exe' /pid=0xe70 /log
- '<SYSTEM32>\conhost.exe' /pid=0xe94 /log
- '<SYSTEM32>\conhost.exe' /pid=0xf44 /log
- '<SYSTEM32>\conhost.exe' /pid=0xcb4 /log
- '<SYSTEM32>\conhost.exe' /pid=0xf18 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\FireFox\res\table-remove-column-active.gif"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_color32.bmp"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_color48.bmp"
- '<SYSTEM32>\conhost.exe' /pid=0xfa4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Media Player\Network Sharing\wmpnss_bw48.bmp"
- '%WINDIR%\SysWOW64\attrib.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xe24 /log
- '<SYSTEM32>\conhost.exe' /pid=0xd30 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Windows Media Player\Media Renderer\DMR_120.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xf5c /log
- '<SYSTEM32>\conhost.exe' /pid=0xf70 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg"
- '<SYSTEM32>\conhost.exe' /pid=0xdc0 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif"
- '<SYSTEM32>\DllHost.exe' /pid=0xf30 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif"
- '<SYSTEM32>\conhost.exe' /pid=0xef4 /log
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\microsoft shared\Stationery\GreenBubbles.jpg"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\Services\verisign.bmp"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES%\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif"
- '<SYSTEM32>\conhost.exe' --batch --no-verbose -q --encrypt-files -r uncrypt "%PROGRAM_FILES% (x86)\Common Files\microsoft shared\Stationery\Garden.jpg"
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up-sharp.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp-end.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-sharp.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-up.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\icons\Close.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\icons\Minimize.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\icons\Restore.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\console\console-error-dash.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\checkbox\cbox-check-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\checkbox\cbox-check.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\console\console-error-caret.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-rit-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\toolbar\chevron.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\tree\columnpicker.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-top.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-bottom.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-left.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\splitter\grip-right.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp-end.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-sharp.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn-sharp.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-dn.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\arrow\arrow-lft-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-row-before.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-remove-column-active.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-remove-column-hover.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-row-before-hover.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-row-after-hover.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-row-after.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-row-before-active.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-remove-column.gif.gpg
- C:\ProgramData\Microsoft\User Account Pictures\user.bmp.gpg
- <LS_APPDATA>\VirtualStore\Windows\SoftwareDistribution\DataStore\DataStore.edb.gpg
- <LS_APPDATA>\VirtualStore\Windows\SysWOW64\license.rtf.gpg
- C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-remove-row-active.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-remove-row-hover.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-remove-row.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-row-after-active.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-right.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-top.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\toolbar\chevron.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-left.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\radio\radio-check.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\scrollbar\slider.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\splitter\grip-bottom.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\global\tree\columnpicker.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-column-before-active.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-column-before-hover.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-column-before.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-column-after.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\grabber.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-column-after-active.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\res\table-add-column-after-hover.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.gpg
- <Служебный элемент>
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.gpg
- %HOMEPATH%\Documents\КАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT
- %TEMP%\gnupg\trustdb.gpg
- %TEMP%\csrss.bat
- %TEMP%\iconv.dll
- %TEMP%\gnupg\random_seed
- %TEMP%\nss20D9.tmp\System.dll
- %TEMP%\gnupg\pubring.bak
- %TEMP%\gnupg\pubring.gpg
- %TEMP%\svchost.exe
- %APPDATA%\Roaming\gnupg\random_seed
- %APPDATA%\Roaming\gnupg\trustdb.gpg
- %HOMEPATH%\Desktop\КАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT
- %APPDATA%\Roaming\gnupg\pubring.gpg
- %TEMP%\uncrypt.t
- %TEMP%\nss20D9.tmp\ExecDos.dll
- %APPDATA%\Roaming\gnupg\pubring.bak
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\cbox-check-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\checkbox\cbox-check.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-sharp.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-up-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-caret.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\radio\radio-check.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\scrollbar\slider.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Restore.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\console\console-error-dash.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Close.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\icons\Minimize.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-sharp.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-dn-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\res\arrow.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\res\arrowd.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-dis.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-rit-sharp-end.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-hov.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp-end.gif.gpg
- <LS_APPDATA>\VirtualStore\Program Files\FireFox\chrome\toolkit\skin\classic\aero\global\arrow\arrow-lft-sharp.gif.gpg
- %APPDATA%\Roaming\gnupg\random_seed
- %APPDATA%\Roaming\gnupg\trustdb.gpg
- %APPDATA%\Roaming\gnupg\pubring.bak
- %APPDATA%\Roaming\gnupg\pubring.gpg
- %TEMP%\gnupg\random_seed
- %TEMP%\gnupg\trustdb.gpg
- %TEMP%\gnupg\pubring.bak
- %TEMP%\gnupg\pubring.gpg