PUP.ProcessCritical

Analysis Report

General information

Family Name: PUP.ProcessCritical
Signature status: No Signature

Known Samples

MD5: 9e30abf10f67dddf1e5f1e295ae3eb82
SHA1: db65567c15aedf84ebc43c620f46fdbab8336810
File Size: 2.41 MB, 2407936 bytes
MD5: 297421a83d0a31962777cc52e58b24bc
SHA1: 947244743498cc8494a163cc83959cfe06442683
File Size: 2.41 MB, 2408448 bytes
MD5: 34296e3f269946dedb5650728bfd3f33
SHA1: cae6f2bed9b68033dfeb03f9ffcc537d236aab90
File Size: 2.41 MB, 2409472 bytes
MD5: d4efe7aa88c352c3cb0cfa3be58cbfaa
SHA1: 9038adcf04fbfc8bd53fd5a9bf4c8f14283ddcbf
File Size: 2.41 MB, 2409472 bytes
MD5: aef57fbcec514e87ca25a5ace74ff1b4
SHA1: 5c26372126a6816ea675727469d6684367b9f8e4
File Size: 2.10 MB, 2100736 bytes
MD5: c7934d2714e25aa190e4d3955d8e8d12
SHA1: ea4db4370c1c1ad6535758126da739815461f17b
File Size: 2.41 MB, 2409472 bytes
MD5: dbc23e1e3617ed243d395524a7aadab0
SHA1: 7eb07e982109132c75d76901884afcd57694d536
File Size: 2.10 MB, 2100736 bytes
MD5: fb77c3107f2b216438adb407ecc5b03f
SHA1: 8cb28895451a419c9462338fbb3cebcfb0f73680
File Size: 2.41 MB, 2409472 bytes
MD5: 0af7843ea02d195fae8762a3c4748607
SHA1: 56a84a8043ad7da01401b667c0addf9b23e40f68
SHA256: D02012C40007D75847859E68A9EF212443FA130E88DAAA7949E66651DCB5A3D2
File Size: 2.41 MB, 2409472 bytes
MD5: 99bb70f134318f6149f25cc07a68f3a4
SHA1: 3ad408a896feb19d06b49ec3731f2251bb8acb34
SHA256: 1A75BFD9107CBFDF657385A678EBF70B1A018427D7B033D22227264DCAA1CD51
File Size: 2.10 MB, 2101248 bytes
MD5: aa5330a4847c13ad0d1aae53a9ee5d6d
SHA1: 535338fdf602c014524465d8e95dd8a6025fb857
SHA256: 7F1188C132774ECBDC43C8C11098D2D9AB40B11BB3AE7BDEB6A72EF40154D198
File Size: 2.41 MB, 2409472 bytes
MD5: 82ede709471f5a8f6904d56647f9fe2f
SHA1: 8f451c7037e95957bfae41175c34d6a8edea6a4e
SHA256: 86D541E025E61C69537526B0E2294BF65FD6FF1CF4C4975D586B1E442978CBD1
File Size: 2.41 MB, 2409472 bytes
MD5: 978682e282fff796b7c37481a562923b
SHA1: b5451f0459ec23f680033d6ba85abe9a721bf027
SHA256: BA9F6FD4CDB824B6546F92829B00A93705B25FD9F9BBF84A007D238FC70C8CA8
File Size: 2.10 MB, 2101248 bytes
MD5: e40ebb3f16277bfc174e3637fade85d1
SHA1: a3d0b946d87584af454b474b6a996a6503d2def6
SHA256: A20F7B0F264BB2CC7E65B1756E3DF48FBA2F0EB4151F8E1BD3ECB276E37BC7AB
File Size: 2.41 MB, 2409472 bytes
MD5: 0e3b83cb10f34d1f6d7cf87c8e97096e
SHA1: b80149d61b028e53ca5c462b4ce6b0890e6d4465
SHA256: BABAA40971C9D26449AF59F7EE7D4B7325F49C2D6AB953AA760EB84FCB800907
File Size: 2.41 MB, 2409984 bytes
MD5: 6bf981a752f3565ad87edc4b95316f92
SHA1: 3b77090eeb78fe6f8226b398991eb0c5c4738d66
SHA256: CB50A6AA30BF0AFE884C4D1F6E0DBB8CD5639F95CD45A91D3EEA9D84A50855CE
File Size: 2.41 MB, 2409984 bytes
MD5: 768beea668cdfa4a96aac3be9dc9c3b7
SHA1: 0f28b8257fb40ebe67acbec6cdb2368c1a4378bc
SHA256: F16A4F0CAF4D0A0B237EE74AD858F14AE8337FE48B90954013B50F1871719D5B
File Size: 2.13 MB, 2133504 bytes
MD5: 357e41d87e88b3f2ef812dd721a35735
SHA1: 397a24cd2d77a3a6ffde2ba6c5765fa2691d8b7d
SHA256: 41B0E5A54D1286724DEBC47251D241604C018E801EACAEE423A8E3F1B2E1A80B
File Size: 2.41 MB, 2406912 bytes
MD5: 31f000805ddb64f709159407d02bd208
SHA1: 479b4b52742a0b8f77176df0bd6f984cf063a4e0
SHA256: 5AC56278DF2EA4795BEF7E67BF7D1FE8D97BB022052BEBD9C5003943027FC3FF
File Size: 2.44 MB, 2442752 bytes
MD5: 04b4812b8dd1263faa777940424015ba
SHA1: d91fae59662ae39a5f8c57501b6ce956ed39c32e
SHA256: 0B110D3405A6970703FDD9A2CABD7B7DA32F658781DE10567C2DAF76DA06B91F
File Size: 2.44 MB, 2442752 bytes
MD5: 861d9233f7f67516491592f898b63a93
SHA1: 17431a96974a09f3f6b2ca74e524b07eab456c57
SHA256: BE1F9B229F1630CCF7121529770AB9D0A4BDC9DA453F63647CB9043FDA8BF842
File Size: 2.44 MB, 2443264 bytes
MD5: 28f7c8ec83a16b57a14705b93d6b9126
SHA1: 524763b995a87a71c7fc85fc4952f9272ceefa15
SHA256: A39A0BDD2BD9DA03E91891A11D5BBA91B66A8F00DF0B12AECAAB2F8AA5B3EFD8
File Size: 2.44 MB, 2442752 bytes
MD5: 275525f7fbad2e28cd722f881e59d66c
SHA1: 5f7ff895aa0cbe3909d8048de9e38973579b6799
SHA256: 869A1EBD9C785DCE3D48F69507F7A2F267F1651A6388EEEC7C0498C2305C1909
File Size: 2.44 MB, 2443264 bytes
MD5: 712165ef168d28c538fdb6365236e79e
SHA1: 0cd214aae2b07afdd538547e8e00183bcb0a19e7
SHA256: 3198317F262C18156A1A3169BB21ED8458CFAB3F8D93D04AC5EFE9874E1C980D
File Size: 2.10 MB, 2097152 bytes
MD5: 45524c0cd7496eef5b376f6ca1fc452d
SHA1: df7d9a93fab27067f58851763416270899e52ed3
SHA256: 823E63FDAA76C60E0889DCAE6D0D4EA8304EAF447FC8C78A5FCE5278E6D8E405
File Size: 2.44 MB, 2443264 bytes
MD5: 862a3f9797a6db1a9d6c44ca6b106a41
SHA1: e68ee14290da4af2258d98d54377298bb2c62ed2
SHA256: 20FA7F16397B9993455E59630A48001B96066251D00D3A6F58FCB5A92D9B1468
File Size: 2.44 MB, 2443264 bytes
MD5: ea47249b037d814049300eccdd8f55b0
SHA1: 799a998cd98ce8ca3e49beda3ae2c881b45e8c20
SHA256: DA81137E0C73328354B085F9A8D841D83AAC5746CAE3869436EF0BD45B74E3CB
File Size: 2.13 MB, 2134016 bytes
MD5: 231bbed63a5e2d0f8a7d5e563204edab
SHA1: b345a085fd54ab679d5f19868fe5a8d67cd19438
SHA256: 582AF0BB292E69F3A37881A0992AE59923F5B38DE219EF847E1CF39B6BA585E4
File Size: 2.44 MB, 2443264 bytes
MD5: afbe9a08c2f3276375789b84fb73d1b8
SHA1: 5e35565b54fca516f562d55c9a270cc6d4bcf908
SHA256: BDCB32C3973E8951CE385B6864B4241B19BCE1A8070CD365C544D47ACEEF9D27
File Size: 2.44 MB, 2443776 bytes
MD5: 30909891f2085b258389a6dea258db3e
SHA1: 38719d2c557ac0d0b6f4c13a12dfcb4165c8e3aa
SHA256: 966779C3AD16949423BC8C5B718929330EA61654A05DF5C689A6636ECD12A589
File Size: 2.10 MB, 2096640 bytes
MD5: fa429aaba4e198cc97f665acb912489c
SHA1: 84e8ad0a84e0168583c5884f47ddb64b0ee810cc
SHA256: 60735AC32E352787D3B50491CBAFE756406289D01F80AA77104665E495112D9E
File Size: 2.44 MB, 2443776 bytes
MD5: f31cffa7389fccd5d23e9006ab8858b8
SHA1: c6825b6219dcd4435d9b3eb21ace1e418782e431
SHA256: 84DE603BF639050CC262219F340A928AB6E2FFFB2D4BC00F0819A51450E1D59F
File Size: 2.13 MB, 2134528 bytes
MD5: d5c6fc403eefca15aef9450aa50b553d
SHA1: 3614e3ce6fa679b65268f2d10a2beff42f671b32
SHA256: 8064CEC4B4E795FE72CFBBBF806A2E21E79D4E1885EAC9289D85F6650FDF12DE
File Size: 2.44 MB, 2443776 bytes
MD5: 4e0454c6f7c22c762a5d647a3ecb2437
SHA1: 17c42e5240375036b5a5f41cbcc6e0804f3beb64
SHA256: 68E7A7AD6045762BE90C19360D4917F4F99185590FD9D43262D094292A2834B5
File Size: 2.44 MB, 2442752 bytes
MD5: f320361312f2c4ab81aeacf3f5bbdc45
SHA1: a37bf2b4a0ef8b89d75c1ea1070cdc2e14cac0d9
SHA256: FE38E1C7D7E623EC0C64EBCC05639845B99EE9B58B301CB9E0287BAF3A429B3D
File Size: 2.44 MB, 2442752 bytes
MD5: a84b1ed9aa736a8c86324379a825c417
SHA1: 4c9bff6ec0c499f5f550274db1bfee1f2ac52d68
SHA256: CD5547FFA8D0CA05512B70DC8AA5E587C44906E77A0AD972A699E50D62F1D16C
File Size: 2.13 MB, 2134016 bytes
MD5: 8539ae44bbc47a7720573cd6fd90889b
SHA1: c7790ec6975cd31244765d92160d03f56fa43eb7
SHA256: E9F721EA33AD3EE98B2C97B186599A4A1948352107EA3018C4D8B8FE7472FDA0
File Size: 2.44 MB, 2443264 bytes
MD5: 00fb7d8476b2f5cb75e8c6db6d43a850
SHA1: ce54063dbe53c6bc0468c594a1f2b6ce586c924f
SHA256: 9063BBE3DAA25788E9CC4DAF7719BEE9C656DAFC985B8ECCF1BE5572977FBD59
File Size: 2.44 MB, 2443264 bytes
MD5: 3f812ac3ce89b3d8d24e8b85df2e98e2
SHA1: 9db8ec985a52d4cc3fdd5fb2d12ad2f057b7e294
SHA256: 26963062E637DA97DE6F61FB3A6316283D7DB266B754907BDDB5D24DDF8DECCF
File Size: 2.13 MB, 2134528 bytes
MD5: 90dc18e5bce4082c47457c802d75609a
SHA1: c775a809687fcd9d986c3de32069140c65d0ccf3
SHA256: 2BA56A55FF048EFA30FE7652D3FB7B177404C8451B4D1380644757F1EB1AAF60
File Size: 2.45 MB, 2445312 bytes
MD5: 513ddb5692316e6e56e73efbae7b162d
SHA1: 5b3376e08f43b129df428c93e957fb2dfe63cd59
SHA256: 5F2F310DC4CE99CECD422CCFC14C5DDB69F0C634B5B979439D600F5379F4767E
File Size: 2.45 MB, 2445312 bytes
MD5: cef88bcf8670cca22bb427b0cec318cc
SHA1: f8c9eb7c6f2d873040ad6d819eb616049d2e96cc
SHA256: E89D69EB734859CDF1050711026E9621739304BA2DDADA7787A10BDD90CA1D10
File Size: 2.45 MB, 2445312 bytes
MD5: c684e98f863c2bdf62493617ba4f4caf
SHA1: 5a6313b2c03bf043a2dadc41c5315ecca2662dcb
SHA256: ADDFC6ABE036C5740DDC2699ED63BDB612E2E4E9B9CB9D5EE89D12C85D5D7CF4
File Size: 2.45 MB, 2446848 bytes
MD5: 24cc1414862d6fc1445de0f4cf8f6b35
SHA1: d9c40f107521164851038c7fc0911776e77403ea
SHA256: 17DEC8713F69AFB9B12C890F2A5ECD0341EBC9E25BC1292E658778ECABBE66FB
File Size: 2.45 MB, 2446848 bytes
MD5: b4b4ce7755e997334d5751eea4321f97
SHA1: 48830de48e9b8ab927df54402128a169319605ae
SHA256: 4BE47D5228900B47F80329BAEEE9176EF7B8D9E14D3869B6182F47101403096A
File Size: 2.45 MB, 2447360 bytes
MD5: 58f0ca0e16ad218d790f2fff68f79622
SHA1: daf70a596e516d6e3644b068b55e2b5a05a434b5
SHA256: 5AEB636D952981C8908ABA203057B1D24A6CF6C6F18C297D472CC583489DF7D7
File Size: 2.45 MB, 2446848 bytes
MD5: f64cb77e4da8cf660cac0dc0e4e6113c
SHA1: d20d40755b1c3517b9dc6b8ea689c265cadd2f3f
SHA256: 72D88223BADC1613F389402D974C70A95DB58F2DC5BD70F5E3974D8666D5291D
File Size: 2.45 MB, 2447360 bytes
MD5: 9f9747c40b0e5cb675f3082ea1d718b8
SHA1: 85ccaac15ebca08936848da83449e67a427dbece
SHA256: EB3BACEC70BF61F419642C9862BF7ACBB174E855D644CA4B7EDE4282C32EADE0
File Size: 2.44 MB, 2444800 bytes
MD5: 9fc1570e8e0a5284b1c9357c8947e3a7
SHA1: e65675d39fca34da8dbe23cf771d743dc1461254
SHA256: 3641529981CE15BEE887212517FB577F4F8B98DA1E15FC3E3250111585204B3B
File Size: 2.44 MB, 2444800 bytes
MD5: f96d9a778fbc061fa208e7fedd134d4d
SHA1: eea70f617f58442549b835bc8b4688d5b63f6f5f
SHA256: 9263F7B8448734EE1B68230AE96FF47931092B75FDAFBAD269D18F04176249BA
File Size: 2.45 MB, 2445312 bytes
MD5: 552edf9a15670911987aa32ca01dac50
SHA1: c225ac1833fd6c3acf5c381c9db7597e25ba7baa
SHA256: D7918F452AEFCA866C3110D3271899FC774784062D1C3B31A0FC03BF64FC23BB
File Size: 2.45 MB, 2445312 bytes
MD5: d0a5292939884934d82d2332650885d1
SHA1: 88db6c047d6c93ea26c00bdff0afa8c15b383d0b
SHA256: 82CB2A57AD2B8B0A0885F2417E46A9A913E66D815FB15559FDCA88EFDAFA2F1D
File Size: 2.45 MB, 2445312 bytes
MD5: 48c8bf11b6c51993f24ea54f80851065
SHA1: 856c465774009436b41bf46eb90850312ee4df18
SHA256: 565DE814A0A35B4DE929CFC2BE02540E1F15C0DCAF82AD42D2F1A2C366B1938F
File Size: 2.45 MB, 2445312 bytes
MD5: 6d5df882f5d0293ebcf085e4b33c0a19
SHA1: 545f961d92d370ae915fa1be0a7983836bea6a47
SHA256: A5C971E6C0FA366F2E692B585DBADA3DF69A967ABCEED3FC6A4FCA235F451E19
File Size: 2.14 MB, 2136064 bytes
MD5: 0697242463de962f470656aca8448b8e
SHA1: 459a7781aefee5cc0bdb51adc038a403b0125123
SHA256: E7D452BDF0392DFDE50AE27769F1EA7B66D32A80C3B48856D02FC7FA0A417A56
File Size: 2.45 MB, 2445824 bytes
MD5: 2caceb664b4eebed74e79fdedc62dbb1
SHA1: 67bd3f34d7c89d69f48139a40b81c58ae90cad0d
SHA256: BB8CDCC09160E2CE10B93946932764D5D6B3C8E7C65C2011EA84740912977D2F
File Size: 2.44 MB, 2444288 bytes
MD5: d0d70ab7b33d20386dd64f0ec33e6737
SHA1: 5135abce3bc6295147dc0a68c86a6ad6fd26e93a
SHA256: 9DAF2FB62A1CA66A927A6F33B853041FC7D4EBCCF325987992B54A5C3101B5EF
File Size: 2.45 MB, 2445824 bytes
MD5: b053686fa23e7a464e9a60cc30d02dcf
SHA1: 4d80d476b816178c4f4e835367aa1c6f1e14dc96
SHA256: E26144F39FF05BEABEDBDB058A0FFF3FBB46560E467B9452BD3BF85A814BC390
File Size: 2.45 MB, 2445312 bytes
MD5: eff86fb3eea892895b906922e75ae7c3
SHA1: f7e3972296cf90c7c5e2d8f51f483645c0defed8
SHA256: CB90DA23F5DC8E092BA69E01B175003AD3CFC01D794A265B7E5C82845EFD5F68
File Size: 2.45 MB, 2447360 bytes
MD5: 02332c44313f2abdf23caa9598978bc8
SHA1: 7a63b91cdbbfb48e2ad26a48f6f1adefc3c4b02f
SHA256: 3AED8018771A0B56CFA013CDCA8A21EF26C846BF0A3A356FDFB747A6DBB33029
File Size: 2.45 MB, 2445824 bytes
MD5: b7f870ff3e804d02694331d3f6a87fec
SHA1: 02c0c6bc4549291a542efa54b1690017dfa43858
SHA256: C75A94023EB4E874332EBD8B6E0F3CC0D6EF9C93CA570765A4AECBAD4DF05F4E
File Size: 2.45 MB, 2446336 bytes
MD5: 49becc1f8c431ef9c8bdedff24b8236b
SHA1: bd3c5b6ba16729ab087dc7ab09f6788b58e6c9d8
SHA256: E1C94D2692D033C628F35A454C9E29ACF6BF412BA58CD5E244BD3DAA4E850AAD
File Size: 2.13 MB, 2134016 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments http://www.autoitscript.com/autoit3/
Company Name Farbar
File Description Farbar Recovery Scan Tool
File Version
  • 30.9.2025.0
  • 29.10.2025.0
  • 29.9.2025.0
  • 28.1.2026.3
  • 28.1.2026.2
  • 27.10.2025.0
  • 27.9.2025.0
  • 27.2.2026.0
  • 27.1.2026.0
  • 25.3.2026.0
  • 25.2.2025.0
  • 25.1.2026.0
  • 24.10.2025.0
  • 23.2.2026.0
  • 22.1.2026.0
  • 21.10.2025.0
  • 21.8.2025.0
  • 21.6.2025.0
  • 21.2.2026.0
  • 21.1.2026.0
  • 19.2.2026.1
  • 19.2.2026.0
  • 19.1.2026.0
  • 18.8.2025.0
  • 18.2.2026.0
  • 18.1.2026.1
  • 17.7.2025.0
  • 16.11.2025.0
  • 16.8.2025.0
  • 15.9.2025.0
  • 14.11.2025.0
  • 14.8.2025.0
  • 13.9.2025.0
  • 13.7.2025.0
  • 13.3.2026.1
  • 12.2.2026.0
  • 11.8.2025.0
  • 11.7.2025.1
  • 11.3.2026.0
  • 10.11.2025.0
  • 10.9.2025.0
  • 9.7.2025.0
  • 9.1.2025.0
  • 7.7.2025.0
  • 7.3.2026.0
  • 7.2.2026.0
  • 6.7.2025.0
  • 6.2.2026.0
  • 5.3.2026.0
  • 3.11.2025.0
  • 3.4.2026.0
  • 3.2.2026.1
  • 2.10.2025.0
  • 2.3.2026.0
Internal Name
  • FRST
  • FRST64
Legal Copyright ©Farbar
Original Filename
  • FRST.exe
  • FRST64.exe
Product Name
  • FRST
  • FRST64
Product Version
  • 30-09-2025
  • 29-10-2025
  • 29-09-2025
  • 28-01-2026 03
  • 28-01-2026 02
  • 27-10-2025
  • 27-09-2025
  • 27-02-2026
  • 27-01-2026
  • 25-03-2026
  • 25-02-2025
  • 25-01-2026
  • 24-10-2025
  • 23-02-2026
  • 22-01-2026
  • 21-10-2025
  • 21-08-2025
  • 21-06-2025
  • 21-02-2026
  • 21-01-2026
  • 19-02-2026 01
  • 19-02-2026
  • 19-01-2026
  • 18-08-2025
  • 18-02-2026
  • 18-01-2026 01
  • 17-07-2025
  • 16-11-2025
  • 16-08-2025
  • 15-09-2025
  • 14-11-2025
  • 14-08-2025
  • 13-09-2025
  • 13-07-2025
  • 13-03-2026 01
  • 12-02-2026
  • 11-08-2025
  • 11-07-2025 01
  • 11-03-2026
  • 10-11-2025
  • 10-09-2025
  • 09-07-2025
  • 09-01-2025
  • 07-07-2025
  • 07-03-2026
  • 07-02-2026
  • 06-07-2025
  • 06-02-2026
  • 05-03-2026
  • 03-11-2025
  • 03-04-2026
  • 03-02-2026 01
  • 02-10-2025
  • 02-03-2026

File Traits

  • Autoit
  • fptable
  • HighEntropy
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 4,418
Potentially Malicious Blocks: 10
Whitelisted Blocks: 2,899
Unknown Blocks: 1,509

Visual Map

? 0 0 ? 0 ? ? 0 ? 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? 0 0 ? ? 0 ? 0 0 ? 0 0 ? ? 0 0 0 ? ? ? ? 0 ? 0 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 ? ? 0 0 0 ? ? ? 0 ? ? 0 ? 0 0 0 0 ? 0 ? ? ? ? 0 0 ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? ? ? ? 0 0 ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 ? 0 0 ? ? ? 0 ? 0 0 0 0 0 ? 0 ? 0 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 ? ? ? ? 0 0 0 0 ? 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 ? 0 0 ? 0 0 ? 0 ? 0 0 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 ? 0 0 ? ? ? 0 0 0 0 0 0 0 ? 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 ? 0 0 ? 0 ? 0 0 ? 0 0 0 ? ? ? 0 ? ? ? 0 0 ? 0 ? ? 0 0 ? ? ? ? 0 ? ? 0 ? ? ? 0 ? ? ? 0 ? 0 ? 0 ? 0 0 0 0 ? 0 0 ? ? 0 0 0 0 0 0 ? 0 ? ? ? ? 0 0 0 0 ? ? ? 0 ? ? 0 ? 0 ? ? 0 0 ? ? ? 0 0 ? ? 0 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 ? ? 0 0 0 ? 0 ? 0 ? ? 0 0 0 0 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 0 0 ? ? ? ? 0 0 0 0 0 ? 0 ? ? 0 0 0 ? ? 0 0 0 ? ? ? 0 0 ? 0 ? 0 0 0 0 0 0 ? 0 ? 0 0 0 ? 0 0 0 0 ? ? 0 ? ? ? 0 ? ? ? ? ? 0 ? 0 ? 0 0 ? ? 0 0 ? ? ? 0 ? ? ? 0 ? 0 ? ? 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? ? ? 0 0 ? 0 0 0 ? ? 0 0 ? 0 ? 0 0 ? 0 ? ? 0 0 ? ? 0 0 ? 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 0 ? 0 0 ? ? 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? 0 0 0 0 0 ? 0 ? 0 0 0 ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 0 0 0 0 ? ? ? ? 0 0 0 0 ? ? 0 ? ? ? ? 0 ? 0 ? ? ? ? 0 0 0 ? 0 ? ? ? 0 0 0 0 0 x 0 ? 0 ? ? x 0 ? 0 0 ? 0 0 0 ? ? 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? 0 0 ? 0 0 0 0 ? ? 0 0 ? ? ? ? ? ? 0 0 0 0 ? ? 0 ? 0 0 0 0 ? ? ? ? 0 ? 0 ? ? ? x ? ? ? ? ? ? ? ? 0 0 0 ? 0 ? 0 ? ? 0 0 ? ? ? 0 0 0 ? 0 ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 0 0 0 0 ? 0 ? 0 0 ? 0 ? 0 ? ? ? 0 ? 0 ? 0 0 0 0 0 ? ? 0 0 0 ? 0 0 0 0 ? ? ? 0 0 0 ? ? 0 0 0 0 ? 0 0 0 0 ? 0 0 0 ? ? 0 ? ? ? 0 ? ? ? 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 ? ? ? ? 0 0 ? 0 0 ? 0 ? 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? ? ? 0 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 ? 0 x ? 0 0 0 ? ? ? 0 ? 0 ? 0 ? 0 0 0 0 0 0 ? 
0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 ? ? 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 ? ? ? 0 ? ? ? 0 ? 0 ? 0 0 ? ? ? ? 0 0 0 ? ? ? 0 ? ? ? ? ? 0 0 0 ? 0 0 ? ? ? ? ? ? ? 0 0 ? ? 0 0 ? ? ? ? ? 0 0 0 0 0 ? 0 0 0 0 ? ? 0 ? 0 0 0 ? ? 0 ? ? 0 0 ? ? ? 0 ? 0 ? 0 0 0 ? 0 0 ? ? ? 0 ? ? ? ? 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? 0 0 0 0 ? 0 0 ? 0 0 0 0 ? 0 ? ? ? ? ? 0 0 ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 ? 0 0 0 ? 0 0 0 ? ? ? 0 ? 0 ? 0 ? ? ? ? 0 0 ? ? ? ? 0 ? 0 ? 0 ? ? ? ? ? 0 ? 0 0 ? 0 0 0 ? ? 0 ? ? ? 0 0 ? 0 0 0 ? ? ? 0 ? 0 ? ? 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 ? 0 0 0 0 ? ? 0 ? 0 ? 0 ? ? 0 0 0 0 0 ? 0 ? 0 0 0 ? 0 0 0 0 ? ? 0 0 ? ? 0 0 0 ? 0 0 0 ? ? 0 0 0 ? ? 0 0 ? ? 0 ? 0 ? 0 ? ? ? 0 ? 0 0 ? 0 ? ? ? 0 ? ? ? ? 0 0 ? ? ? ? 0 0 0 0 ? ? ? ? ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 ? ? ? ? 0 0 ? 0 ? 0 ? 0 0 0 0 ? ? ? ? 0 ? 0 0 ? 0 0 0 0 0 0 ? 0 ? 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 x 0 0 1 0 0 0 0 1 0 0 0 0 0 2 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 2 2 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.KLB

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\frst\bin\sqlite3_x64.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\bin\sqlite3_x64.dll Generic Write,Read Attributes
c:\frst\hives\components Generic Write
c:\frst\hives\default Generic Write
c:\frst\hives\sam Generic Write
c:\frst\hives\security Generic Write
c:\frst\hives\software Generic Write
c:\frst\hives\system Generic Write
c:\frst\logs\cmd11127.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd11192.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd11399.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd11555.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd11752.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd11791.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd11950.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd12189.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd12681.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13019.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13230.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13435.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13456.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13463.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13465.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13487.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13960.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd13978.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd14119.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd14565.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd14761.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd15453.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd15552.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd15717.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd15998.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd16022.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd16083.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd16379.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd16437.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd16770.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd16835.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd17026.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd17626.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd17627.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd18438.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd18478.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd18562.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd18618.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd18820.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd18940.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd18965.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd19223.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd19662.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd19729.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd19782.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\cmd19910.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\ct.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\logs\ct.ini Synchronize,Write Attributes
c:\frst\q9fl4qt9go0q Synchronize,Write Attributes
c:\users\user\appdata\local\temp\aut1157.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut1956.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut3758.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut3bf1.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut3f27.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut3f6f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut466d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut48fb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4a92.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4dbd.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4e16.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4ec8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut53b9.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5682.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut571e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut57fa.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut59d7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5f57.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut604b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut661d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut66e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut78a5.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut860d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut9763.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut98d2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta524.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta562.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta850.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta95a.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaa16.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autaaa2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autab7b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autabfa.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbd88.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbdbf.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbe15.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbf0f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbfda.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autc8d0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autc915.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd4da.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd5ca.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute0cd.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute23f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute388.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute3bb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute893.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autfc39.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autfee1.tmp Generic Write,Read Attributes
c:\users\user\downloads\winmgmts:{impersonationlevel=impersonate}!\root\cimv2 Generic Read,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䠉慎Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䠉慎Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ퟖﮛǛ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ퟖﮛǛ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::enablenegotiate  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::migrateproxy  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ⃝촬Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 興촮Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ⢙츷Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ⢙츷Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 珳樸Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey
(the two BAM UserSettings entries above recur, alternating, 151 times in this span: cmd.exe 76 events, conhost.exe 75 events)
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey
(the same two entries recur, alternating, 28 times after the notifications key: cmd.exe 14 events, conhost.exe 14 events)

Windows API Usage

Category / API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSaveKeyEx
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2

170 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Keyboard Access
  • GetAsyncKeyState
Process Shell Execute
  • CreateProcess
  • WriteConsole
Process Terminate
  • TerminateProcess
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
Service Control
  • OpenSCManager
  • OpenService
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\system32\cmd.exe /u /c echo 2
C:\WINDOWS\system32\cmd.exe /c C:\WINDOWS\system32\bcdedit /export C:\FRST\Hives\BCD
C:\WINDOWS\system32\bcdedit.exe C:\WINDOWS\system32\bcdedit /export C:\FRST\Hives\BCD
WriteConsole: Access is denied
