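Technical Information
Entries below are grouped as file-system paths, renamed files ("from ... to ..."), network indicators and command lines. Angle-bracket tokens such as <Current directory>, <Full path to file> and <Drive name for removable media> are placeholders, not literal path components, and the '#' characters in the URLs and host name appear to mask part of the value.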
- <Drive name for removable media>:\price.zip
- <Drive name for removable media>:\archer.avi
- <Drive name for removable media>:\region-north-karelia.jpeg
- <Drive name for removable media>:\fiche_inscription_2015.xls
- <Drive name for removable media>:\excel_example.zip
- <Drive name for removable media>:\calculatorworksheet.zip
- <Drive name for removable media>:\flower_trans_matte.wmv
- <Drive name for removable media>:\digest.rdf
- <Drive name for removable media>:\file1.ppt
- <Drive name for removable media>:\investmentbankca_ca8.pem
- <Drive name for removable media>:\etc6_m_1.mov
- <Drive name for removable media>:\trivial-merge.htm
- <Drive name for removable media>:\notepad.exe
- <Drive name for removable media>:\contosoroot_1.cer
- <Drive name for removable media>:\10thingscondoms.pdf
- <Drive name for removable media>:\weeklysheet1215.doc
- <Drive name for removable media>:\nwfieldnotes1966.docx
- <Drive name for removable media>:\disclosuredetails.xlsx
- <Drive name for removable media>:\13.jpg
- <Drive name for removable media>:\contractualdeadlines.zip
- <Drive name for removable media>:\1sm_price.zip
- <Drive name for removable media>:\spib_pima.pdf
- <Drive name for removable media>:\ovp25012015.doc
- <Drive name for removable media>:\productos.xls
- <Drive name for removable media>:\2013_smccc_competition_points_jul2013.xlsx
- <Drive name for removable media>:\4f0bf7ff71f28.jpeg
- <Drive name for removable media>:\about.html
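Files on the local system (jb88_readme.rtf recurs across many directories, which is consistent with a ransom note, though its contents are not shown here):
- %HOMEPATH%\desktop\508softwareandos.doc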
- %HOMEPATH%\desktop\pushkin.jpeg
- %HOMEPATH%\desktop\holycrosschurchinstructions.docx
- <Current directory>\nw9y5y6n.exe
- %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\enu\jb88_readme.rtf
- %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\annotations\stamps\enu\jb88_readme.rtf
- %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\jb88_readme.rtf
- %ProgramFiles(x86)%\k-lite codec pack\tools\jb88_readme.rtf
- %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\jb88_readme.rtf
- %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\jb88_readme.rtf
- %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\jb88_readme.rtf
- %ProgramFiles(x86)%\steam\tenfoot\resource\images\jb88_readme.rtf
- %ProgramFiles(x86)%\steam\tenfoot\resource\images\store\jb88_readme.rtf
- C:\users\public\music\sample music\jb88_readme.rtf
- %ProgramFiles(x86)%\steam\tenfoot\resource\images\systemmenu\jb88_readme.rtf
- %ProgramFiles(x86)%\steam\tenfoot\resource\images\welcomeupdates\jb88_readme.rtf
- %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\jb88_readme.rtf
- %ProgramFiles(x86)%\winamp\skins\bento\window\jb88_readme.rtf
- %ProgramFiles(x86)%\winamp\skins\big bento\window\jb88_readme.rtf
- %ProgramFiles%\java\jre1.8.0_45\lib\deploy\jb88_readme.rtf
- %ALLUSERSPROFILE%\microsoft\rac\publisheddata\jb88_readme.rtf
- %ALLUSERSPROFILE%\microsoft\rac\statedata\jb88_readme.rtf
- %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\jb88_readme.rtf
- %ProgramFiles(x86)%\steam\tenfoot\resource\images\music\jb88_readme.rtf
- <Current directory>\bad_6dbf72b4fda3b1cf.txt
- C:\far2\addons\jb88_readme.rtf
- <Current directory>\all_dmpfl.fldp
- <Current directory>\log.txt
- %APPDATA%\9rkuto6q.bmp
- %APPDATA%\7stwimwo.bat
- %APPDATA%\e0xf9mye.vbs
- <Current directory>\5equmbls.exe
- <Current directory>\egkmdwfg.bat
- C:\far2\jb88_readme.rtf
- C:\far2\addons\colors\custom_highlighting\jb88_readme.rtf
- C:\far2\plugins\compare\jb88_readme.rtf
- C:\far2\addons\colors\default_highlighting\jb88_readme.rtf
- C:\far2\addons\macros\jb88_readme.rtf
- C:\far2\addons\xlat\jb88_readme.rtf
- C:\far2\documentation\rus\jb88_readme.rtf
- C:\far2\encyclopedia\tap\jb88_readme.rtf
- C:\far2\plugins\arclite\jb88_readme.rtf
- C:\far2\plugins\autowrap\jb88_readme.rtf
- C:\far2\plugins\brackets\jb88_readme.rtf
- C:\far2\plugins\drawline\jb88_readme.rtf
- C:\users\public\pictures\sample pictures\jb88_readme.rtf
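Renamed files (original path, then new path). In every entry listed here the new name has the form [jonbrown88@criptext.com].<8 characters>-<8 characters>.jb88 and stays in the original directory:
- from %APPDATA%\opera software\opera stable\thumbnails.db to %APPDATA%\opera software\opera stable\[jonbrown88@criptext.com].w4ofpksh-kdx2rseq.jb88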
- from %APPDATA%\icqm\icq\html\tr\error\exclamation.jpg to %APPDATA%\icqm\icq\html\tr\error\[jonbrown88@criptext.com].tt3u68b9-8tfti1t3.jb88
- from %ProgramFiles(x86)%\steam\tenfoot\resource\images\welcomeupdates\controller_update_gyro_ex_constablebento.jpg to %ProgramFiles(x86)%\steam\tenfoot\resource\images\welcomeupdates\[jonbrown88@criptext.com].fsqm1z1e-92qjkvmw.jb88
- from %APPDATA%\mail.ru\agent\mra\html\pt\error\exclamation.jpg to %APPDATA%\mail.ru\agent\mra\html\pt\error\[jonbrown88@criptext.com].evpqpqzo-jyppqzy1.jb88
- from %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\cells.jpg to %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\[jonbrown88@criptext.com].hjmwrels-ocievsbo.jb88
- from %APPDATA%\opera software\opera stable\favorites.db to %APPDATA%\opera software\opera stable\[jonbrown88@criptext.com].efi3hp1q-hcnikhus.jb88
- from %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\healthreport.sqlite to %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\[jonbrown88@criptext.com].oaxnfwtp-a9dz1qtz.jb88
- from %ProgramFiles(x86)%\k-lite codec pack\tools\xvid_quant_matrices.zip to %ProgramFiles(x86)%\k-lite codec pack\tools\[jonbrown88@criptext.com].5m3ofs5s-vnf2eocr.jb88
- from %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\manyfish.jpg to %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\[jonbrown88@criptext.com].iqnkds5g-tjwl3nmc.jb88
- from %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\smalltiled_electric_nebula.jpg to %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\[jonbrown88@criptext.com].eg8iqmi4-zozihps8.jb88
- from %APPDATA%\thunderbird\profiles\wjj9aet2.default\permissions.sqlite to %APPDATA%\thunderbird\profiles\wjj9aet2.default\[jonbrown88@criptext.com].pqtevbwg-0jmpfg0y.jb88
- from %ProgramFiles(x86)%\winamp\skins\big bento\window\aol_radio_alb_art.jpg to %ProgramFiles(x86)%\winamp\skins\big bento\window\[jonbrown88@criptext.com].2gbagfic-n43twsx3.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\assemblyinfo.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].yt79qm2x-etjfr2t9.jb88
- from %APPDATA%\opera software\opera stable\storage\ext\sync-login\def\databases\databases.db to %APPDATA%\opera software\opera stable\storage\ext\sync-login\def\databases\[jonbrown88@criptext.com].6ft7r7g4-g2ztm41z.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\mdiparent.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].viseouw4-fmurgxwp.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\dataset.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].0xpjqp2z-jx3hctnc.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\resourceinternal.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].caeamoyy-qzohb4f3.jb88
- from %APPDATA%\icq-profile\base\mra.dbs to %APPDATA%\icq-profile\base\[jonbrown88@criptext.com].1vhisnoj-jyyeszpg.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\xmlfile.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].oxsnhgi2-f7dqaxvb.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\settingsinternal.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].9lbooreq-cdcxzozl.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\form.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].x2oai9hu-vfx0tnh1.jb88
- from %APPDATA%\thunderbird\profiles\wjj9aet2.default\cookies.sqlite to %APPDATA%\thunderbird\profiles\wjj9aet2.default\[jonbrown88@criptext.com].lw0kxhev-4g0wg7kg.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\usercontrol.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].xembo36o-f7oeqvpu.jb88
- from %APPDATA%\icq-profile\base\opt.dbs to %APPDATA%\icq-profile\base\[jonbrown88@criptext.com].ot04kqln-jxxzsncr.jb88
- from %ProgramFiles%\java\jre1.8.0_45\lib\deploy\ffjcext.zip to %ProgramFiles%\java\jre1.8.0_45\lib\deploy\[jonbrown88@criptext.com].zmitifbw-gooqtvcj.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\codefile.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].79blvadp-qn8m2coc.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\dataset.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].otazuimi-nuwbyzt6.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\appconfig.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].geirphbo-1iiqmhq9.jb88
- from %APPDATA%\icqm\icq\html\de\error\exclamation.jpg to %APPDATA%\icqm\icq\html\de\error\[jonbrown88@criptext.com].dsltjgaq-we8sa0q9.jb88
- from %APPDATA%\mail.ru\agent\mra\html\bg\error\exclamation.jpg to %APPDATA%\mail.ru\agent\mra\html\bg\error\[jonbrown88@criptext.com].hfabzvo0-apjvz1k9.jb88
- from %APPDATA%\mail.ru\agent\mra\html\ua\error\exclamation.jpg to %APPDATA%\mail.ru\agent\mra\html\ua\error\[jonbrown88@criptext.com].tazi7xpa-90svk9jg.jb88
- from %ProgramFiles(x86)%\steam\tenfoot\resource\images\store\holidaysalebg.jpg to %ProgramFiles(x86)%\steam\tenfoot\resource\images\store\[jonbrown88@criptext.com].cwjqwwa6-qz1iwsdq.jb88
- from %APPDATA%\opera software\opera stable\bookmarks.bak to %APPDATA%\opera software\opera stable\[jonbrown88@criptext.com].r1o22fpo-silyskct.jb88
- from %ProgramFiles(x86)%\steam\tenfoot\resource\images\music\placeholder_album3.jpg to %ProgramFiles(x86)%\steam\tenfoot\resource\images\music\[jonbrown88@criptext.com].xylz3lra-bs6yudcp.jb88
- from %ProgramFiles(x86)%\steam\tenfoot\resource\images\generic.jpg to %ProgramFiles(x86)%\steam\tenfoot\resource\images\[jonbrown88@criptext.com].8igzhq09-ed5ae3z4.jb88
- from %APPDATA%\thunderbird\profiles\wjj9aet2.default\cert8.db to %APPDATA%\thunderbird\profiles\wjj9aet2.default\[jonbrown88@criptext.com].q6phuv4u-fptjbkuu.jb88
- from %APPDATA%\thunderbird\profiles\wjj9aet2.default\webappsstore.sqlite to %APPDATA%\thunderbird\profiles\wjj9aet2.default\[jonbrown88@criptext.com].diew8a9w-a6dsbe7t.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\class.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].cqqg8fcg-n0oof4el.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\resourceinternal.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].8jbgaj8e-l1xwjibr.jb88
- from %APPDATA%\thunderbird\profiles\wjj9aet2.default\key3.db to %APPDATA%\thunderbird\profiles\wjj9aet2.default\[jonbrown88@criptext.com].vs20zxro-tcnwjtgo.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\assemblyinfointernal.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].24rvmvc0-1izu6pp0.jb88
- from %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\secmod.db to %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\[jonbrown88@criptext.com].ue5f6era-sgvj1xzp.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\mdiparent.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].mbgwydpw-gokpzzmj.jb88
- from %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\declarativesecuritysupport.doc to %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\[jonbrown88@criptext.com].sl6geoud-4erpemhl.jb88
- from %APPDATA%\thunderbird\profiles\wjj9aet2.default\secmod.db to %APPDATA%\thunderbird\profiles\wjj9aet2.default\[jonbrown88@criptext.com].ahrg8qjz-syt7yb5z.jb88
- from %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\partition v annexes.doc to %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\[jonbrown88@criptext.com].nfmyni97-pnhcemkw.jb88
- from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\pdfsigqformalrep.pdf to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\[jonbrown88@criptext.com].ysnxfeho-vdct6sur.jb88
- from %APPDATA%\thunderbird\profiles\wjj9aet2.default\blist.sqlite to %APPDATA%\thunderbird\profiles\wjj9aet2.default\[jonbrown88@criptext.com].k82mieks-vunylno3.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\aboutbox.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].kzdmx6nn-5zjfwhsj.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\emptydatabase.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].yc1akav1-myczfzii.jb88
- from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\edit_pdf_poster2x.jpg to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\images\[jonbrown88@criptext.com].3wrkpnb9-7midotcc.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\textfile.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].s4tfc6ed-8rozyu6w.jb88
- from %ProgramFiles(x86)%\steam\tenfoot\resource\images\music\placeholder_album8.jpg to %ProgramFiles(x86)%\steam\tenfoot\resource\images\music\[jonbrown88@criptext.com].wc8pjs85-lssnaefk.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\dialog.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].r0fryzfy-rx3gw1os.jb88
- from %ProgramFiles(x86)%\steam\tenfoot\resource\images\systemmenu\capsule_04.jpg to %ProgramFiles(x86)%\steam\tenfoot\resource\images\systemmenu\[jonbrown88@criptext.com].i0h246ni-c2gownha.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\settingsinternal.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\[jonbrown88@criptext.com].rzlnoxbw-7m3gpxmy.jb88
- from %APPDATA%\opera software\opera stable\databases\databases.db to %APPDATA%\opera software\opera stable\databases\[jonbrown88@criptext.com].yvydfrli-wh7juwmy.jb88
- from %ProgramFiles(x86)%\steam\tenfoot\resource\images\welcomeupdates\controller_update_moystick.jpg to %ProgramFiles(x86)%\steam\tenfoot\resource\images\welcomeupdates\[jonbrown88@criptext.com].cswlsrre-erhonfgq.jb88
- from %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite to %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\storage\permanent\moz-safe-about+home\idb\[jonbrown88@criptext.com].arxbcgpo-6gkjrnuj.jb88
- from %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\image415.jpg to %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\[jonbrown88@criptext.com].ehdf6azs-83agngq0.jb88
- from %APPDATA%\opera software\opera stable\session.db to %APPDATA%\opera software\opera stable\[jonbrown88@criptext.com].qvmmihrx-jzj6fef4.jb88
- from %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\seaweed.jpg to %ProgramFiles(x86)%\winamp\plugins\milkdrop2\textures\[jonbrown88@criptext.com].oj2inupn-qemfezdc.jb88
- from %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\metadata unmanaged api.doc to %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\tool developers guide\docs\[jonbrown88@criptext.com].ofktebil-lg25q1pz.jb88
- from %ProgramFiles(x86)%\winamp\skins\bento\window\aol_radio_alb_art.jpg to %ProgramFiles(x86)%\winamp\skins\bento\window\[jonbrown88@criptext.com].vmgrzof8-vvx1gt6o.jb88
- from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\annotations\stamps\enu\standardbusiness.pdf to %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\plug_ins\annotations\stamps\enu\[jonbrown88@criptext.com].swq26ofs-z30vl4n1.jb88
- from %APPDATA%\mra\base\mra.dbs to %APPDATA%\mra\base\[jonbrown88@criptext.com].iv4eul8c-my1r7n22.jb88
- from %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\form.zip to %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\[jonbrown88@criptext.com].oyi0fhul-x5jw0jcn.jb88
- http://at#.#konz.org/addrec.php?ap##########################################################################
- http://at#.#konz.org/addrec.php?ap##########################################################################################
- http://at#.#konz.org/addrec.php?ap###############################################################################################
- DNS ASK at#.#konz.org
Process activity (command lines as recorded; entries ending in "..." are truncated in the source):
- '<Current directory>\nw9y5y6n.exe' -n
- '%WINDIR%\syswow64\cmd.exe' /C copy /V /Y "<Full path to file>" "<Current directory>\NW9Y5Y6n.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "%APPDATA%\9rKuTO6q.bmp" /f & reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "0" /f & reg add "HKCU\Contro...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C wscript //B //Nologo "%APPDATA%\E0Xf9Mye.vbs"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\cert8.db""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\key3.db""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\places.sqlite""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\webappsstore.sqlite""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\content-prefs.sqlite""' (with hidden window)
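The remaining entries repeat the cmd.exe command lines above without the "(with hidden window)" annotation:
- '%WINDIR%\syswow64\cmd.exe' /C copy /V /Y "<Full path to file>" "<Current directory>\NW9Y5Y6n.exe"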
- '%WINDIR%\syswow64\cmd.exe' /C reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "%APPDATA%\9rKuTO6q.bmp" /f & reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "0" /f & reg add "HKCU\Contro...
- '%WINDIR%\syswow64\cmd.exe' /C wscript //B //Nologo "%APPDATA%\E0Xf9Mye.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\cert8.db""
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\key3.db""
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\places.sqlite""
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\webappsstore.sqlite""
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\egKMdWFg.bat" "%APPDATA%\Mozilla\Firefox\Profiles\gn7ryp3k.default\content-prefs.sqlite""