Technical Information
- 'c:\tmp\aescrypt.exe' /pid=3436
- 'c:\tmp\aescrypt.exe' 1251
- 'C:\tmp\zap.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad.xml.bat""
- 'c:\tmp\aescrypt.exe' /c xxx.bat
- 'c:\tmp\aescrypt.exe' /pid=3024
- 'c:\tmp\aescrypt.exe' /pid=3080
- 'c:\tmp\aescrypt.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_heb.xml.bat""
- 'c:\tmp\aescrypt.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\Alphabet.xml.bat""
- 'c:\tmp\attrib.exe'
- 'c:\tmp\hello.exe'
- 'C:\tmp\zap.exe'
- 'c:\tmp\moar.exe'
- 'c:\tmp\aescrypt.exe' /pid=2912
- 'c:\tmp\aescrypt.exe' -e -p0jb9g3H08X5Hy19I26201i7C9e7869zij22GQ4162r6862f8S7V5v1SE774203T8 -oc:\tmp\kisa c:\tmp\kiskis
- 'c:\tmp\bmrsa.exe' -mkh -mit -moh -pu -f public.txt
- '<SYSTEM32>\chcp.com' /pid=332
- '<SYSTEM32>\cmd.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.bat""
- '<SYSTEM32>\conhost.exe' /pid=3584
- '<SYSTEM32>\conhost.exe' /pid=2876
- '<SYSTEM32>\conhost.exe' /pid=3776
- '<SYSTEM32>\conhost.exe' /pid=3804
- '<SYSTEM32>\chcp.com' /pid=672
- '<SYSTEM32>\conhost.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\ea.xml.bat""
- '<SYSTEM32>\conhost.exe' /pid=3128
- '<SYSTEM32>\cmd.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.bat""
- '<SYSTEM32>\chcp.com' -e -p0jb9g3H08X5Hy19I26201i7C9e7869zij22GQ4162r6862f8S7V5v1SE774203T8 -oc:\tmp\kisa c:\tmp\kiskis
- '<SYSTEM32>\chcp.com' /pid=3020
- '<SYSTEM32>\chcp.com' /pid=3460
- '<SYSTEM32>\conhost.exe' /pid=3368
- '<SYSTEM32>\conhost.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad.xml.bat""
- '<SYSTEM32>\conhost.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.bat""
- '<SYSTEM32>\chcp.com' /pid=2820
- '<SYSTEM32>\chcp.com' /pid=4080
- '<SYSTEM32>\chcp.com' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_kor.xml.bat""
- '<SYSTEM32>\conhost.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.bat""
- '<SYSTEM32>\conhost.exe' /pid=3600
- '<SYSTEM32>\conhost.exe' /pid=588
- '<SYSTEM32>\cmd.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_ca.xml.bat""
- '<SYSTEM32>\cmd.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.bat""
- '<SYSTEM32>\cmd.exe' /c ""%CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base.xml.bat""
- '<SYSTEM32>\conhost.exe' /pid=1324
- '<SYSTEM32>\conhost.exe' /pid=3560
- '<SYSTEM32>\conhost.exe' /pid=2928
- '<SYSTEM32>\chcp.com' /pid=3564
- '<SYSTEM32>\conhost.exe' /pid=3632
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\eng\Plugins.Install.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\eng\Far.FAQ.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\eng\Bug.Report.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\eng\Plugins.Review.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\rus\Arc.Support.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\eng\TechInfo.txt.bat
- '<SYSTEM32>\conhost.exe' /pid=3996
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\eng\Arc.Support.txt.bat
- '<SYSTEM32>\PING.EXE' -n 75 -w 1000 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c windrv.bat
- '<SYSTEM32>\cmd.exe' /c zap.bat
- '<SYSTEM32>\cmd.exe' /c a.bat
- '<SYSTEM32>\chcp.com' 1251
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Addons\README.TXT.bat
- '<SYSTEM32>\cmd.exe' /c xxx.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Plugins\FTP\Notes_rus.txt.bat
- '<SYSTEM32>\conhost.exe' /pid=2820
- '<SYSTEM32>\conhost.exe' /pid=3916
- '<SYSTEM32>\conhost.exe' /pid=2844
- '<SYSTEM32>\conhost.exe' /pid=3068
- '<SYSTEM32>\conhost.exe' /c xxx.bat
- '<SYSTEM32>\conhost.exe' /pid=580
- '<SYSTEM32>\conhost.exe' /c C:\Far2\Plugins\FTP\FtpCmds_rus.txt.bat
- '<SYSTEM32>\conhost.exe' -e -p0jb9g3H08X5Hy19I26201i7C9e7869zij22GQ4162r6862f8S7V5v1SE774203T8 -oc:\tmp\kisa c:\tmp\kiskis
- '<SYSTEM32>\PING.EXE' /pid=3168
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\rus\Far.FAQ.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\rus\Plugins.Install.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Plugins\FTP\FtpCmds.txt.bat
- '<SYSTEM32>\cmd.exe' /c C:\Far2\Documentation\rus\TechInfo.txt.bat
- '<SYSTEM32>\conhost.exe' 1251
- C:\Far2\Addons\!!!Фaйлы зaшифpoвaнны!!!.txt
- C:\Far2\Documentation\eng\!!!Фaйлы зaшифpoвaнны!!!.txt
- C:\Far2\Documentation\rus\!!!Фaйлы зaшифpoвaнны!!!.txt
- C:\tmp\rsa.000
- C:\tmp\kiskis
- C:\tmp\kisa
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\!!!Фaйлы зaшифpoвaнны!!!.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\!!!Фaйлы зaшифpoвaнны!!!.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\!!!Фaйлы зaшифpoвaнны!!!.txt
- C:\Far2\Plugins\FTP\!!!Фaйлы зaшифpoвaнны!!!.txt
- %CommonProgramFiles%\microsoft shared\ink\!!!Фaйлы зaшифpoвaнны!!!.txt
- %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad\!!!Фaйлы зaшифpoвaнны!!!.txt
- C:\tmp\a.bat
- C:\tmp\hello.exe
- C:\tmp\moar.exe
- C:\tmp\windrv.bat
- C:\tmp\aescrypt.exe
- C:\tmp\attrib.exe
- C:\tmp\bmrsa.exe
- C:\tmp\wind.crp
- C:\tmp\public.txt
- C:\tmp\pwin.aes
- C:\tmp\xxx.bat
- C:\tmp\zap.bat
- C:\tmp\zap.exe
- C:\Far2\Documentation\rus\Bug.Report.txt.bat
- C:\tmp\kiskis
- C:\Far2\Plugins\FTP\FtpCmds_rus.txt.bat
- C:\Far2\Documentation\rus\Plugins.Review.txt.bat
- C:\tmp\public.txt
- C:\tmp\pwin.aes
- C:\tmp\bmrsa.exe
- C:\tmp\a.bat
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\ea.xml_crypt
- from C:\tmp\kisa to C:\Far2\Plugins\FTP\Notes_rus.txt_crypt
- from C:\tmp\kisa to C:\Far2\Plugins\FTP\Notes.txt_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\Content.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\Alphabet.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_heb.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_ca.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_kor.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_jpn.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\keypad.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\base_altgr.xml_crypt
- from C:\tmp\kisa to %CommonProgramFiles%\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\eng\Far.FAQ.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\eng\Bug.Report.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\eng\Plugins.Review.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\eng\Plugins.Install.txt_crypt
- from C:\tmp\kisa to C:\DbgLog.log_crypt
- from C:\tmp\kisa to C:\all_services.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\eng\Arc.Support.txt_crypt
- from C:\tmp\kisa to C:\Far2\Addons\README.TXT_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\eng\TechInfo.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\rus\TechInfo.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\rus\Plugins.Review.txt_crypt
- from C:\tmp\kisa to C:\Far2\Plugins\FTP\FtpCmds_rus.txt_crypt
- from C:\tmp\kisa to C:\Far2\Plugins\FTP\FtpCmds.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\rus\Bug.Report.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\rus\Arc.Support.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\rus\Plugins.Install.txt_crypt
- from C:\tmp\kisa to C:\Far2\Documentation\rus\Far.FAQ.txt_crypt
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'