Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '<LS_APPDATA>\<File name>.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '<LS_APPDATA>\<File name>.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- '<SYSTEM32>\netsh.exe' firewall set opmode mode=disable
- <LS_APPDATA>\<File name>.exe
- %PROGRAMDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- from %ProgramFiles%\microsoft office\office14\accwiz\acwzlib.accde to %ProgramFiles%\microsoft office\office14\accwiz\acwzlib.accde.id[923e3c7f-2315].[decrypt@files.mn].banks
- from %ProgramFiles%\microsoft office\office14\accwiz\acwztool.accde to %ProgramFiles%\microsoft office\office14\accwiz\acwztool.accde.id[923e3c7f-2315].[decrypt@files.mn].banks
- from %ProgramFiles%\microsoft office\office14\accwiz\acwzmain.accde to %ProgramFiles%\microsoft office\office14\accwiz\acwzmain.accde.id[923e3c7f-2315].[decrypt@files.mn].banks
- '<SYSTEM32>\cmd.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\netsh.exe' advfirewall set currentprofile state off