Trojan.Bitcoinminer.BB

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 877
Threat Level: 80 % (High)
Infected Computers: 42,854
First Seen: July 24, 2009
Last Seen: April 21, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Bitcoinminer.BB
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 2.8.181.1
  • 1.0.0.0
Comments
  • .....
  • Developer tool Plus +967777808915
Company Name
  • Agente Inventário GLPI
  • AhmedAboelleef
  • By Vycer
  • Len Cooperations
  • Pro Tech
  • TDR DADDY
  • VOLVO PROGRAMMER
  • 잡다한지식
File Description
  • Developer Plus 0.7 | VOLVO PROGRAMMER
  • Give credit to TDR DADDY
  • Link Para canal
  • LumeTri V3
  • Made by Len
  • Tool to enable or disable mods
File Version
  • Comentários:
  • 3.0.0.0
  • 2.8.181.1
  • 1.7
  • 1.1.1.1
  • 1.0.0.1
  • 1.0.0.0
  • 1.0.0
  • 1.0
Internal Name
  • GLPI Agent
  • Goojara
  • Link Para canal
  • TTDB7Parametrs.exe
  • VgaPatcher.exe
Legal Copyright
  • copyright 2025
  • Copyright VOLVO PROGRAMMER © 2023
  • Copyright © 2023
  • © 2026 AhmedAboelleef
  • ⓒGoaway
Legal Trademarks
  • copyright 2025
  • Montreal Informática - MIBH
  • VOLVO PROGRAMMER
Original Filename
  • +967777808915
  • Canal MAtheus
  • GLPI Agent
  • Goojara
  • P2_8TAffinity
  • Shell32.dll 교체기
  • VgaPatchV3.exe
Product Name
  • 1.7.1
  • Call of Duty Modern Warfare
  • Canal Matheus
  • DarkCleaner
  • DevTool
  • fps booster by tdr daddy
  • Goojara
  • LumeTriV3
  • Mod Ebabler/Disabler
  • P2_8TAffinity
  • Shell32.dll 교체기
Product Version
  • 2.8.181.1
  • 2.0
  • 1.7
  • 1.1.1.1
  • 1.0.0.1
  • 1.0.0.0
  • 1.0

Digital Signatures

Signer: CRYPTAUTH LLC
Root: CRYPTAUTH LLC
Status: Self Signed

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • packed
  • x64

Block Information

Total Blocks: 270
Potentially Malicious Blocks: 3
Whitelisted Blocks: 267
Unknown Blocks: 0

Visual Map

x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Bitcoinminer.BB
  • MSIL.BadJoke.XF
  • MSIL.Krypt.FRA
  • MSIL.Krypt.JUB
  • MSIL.Krypt.MBCAG
  • MSIL.Kryptik.XB
  • MSIL.RunescapeHack.D

Files Modified

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 쓽㞾Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 紼뮑難Ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ♮赤ࠞǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Aunvsbun\AppData\Local\Temp\nsxF9B6.tmp\ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
Show More
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 虾超ࠞǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 굴趌ࠞǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䊀⌃࣮ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 垄鳺Ⴌǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ッ♚ǜ RegNtPreCreateKey
HKCU\console::virtualterminallevel  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ᓥ♚ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 柶䞛ǜ RegNtPreCreateKey
HKCU\software\topaz labs llc\topaz photo ai:: RegNtPreCreateKey
HKCU\software\topaz labs llc\topaz photo ai::token null RegNtPreCreateKey
HKCU\software\topaz labs llc\topaz photo ai::refreshtoken null RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 證亅仇ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 媪솗怓ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 率绡圪ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㽧朩揹ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 143.0.3650.80 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey
HKLM\software\activision\call of duty 4::codkey LJ8D2DUSPJYGUWDW76B1 RegNtPreCreateKey
HKLM\software\wow6432node\activision\call of duty 4::codkey LJ8D2DUSPJYGUWDW76B1 RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001 Windows Network Diagnostics RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\driversearching::searchorderconfig RegNtPreCreateKey
HKLM\system\controlset001\control\power\powerthrottling::powerthrottlingoff  RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\multimedia\systemprofile::systemresponsiveness RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\multimedia\systemprofile::networkthrottlingindex ￿￿ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\multimedia\systemprofile::schedulerresolution  RegNtPreCreateKey
HKCU\system\gameconfigstore::gamedvr_enabled RegNtPreCreateKey
HKCU\system\gameconfigstore::gamedvr_fsebehaviormode  RegNtPreCreateKey
HKCU\system\gameconfigstore::gamedvr_fsebehavior  RegNtPreCreateKey
HKCU\system\gameconfigstore::gamedvr_honoruserfsebehaviormode  RegNtPreCreateKey
HKCU\system\gameconfigstore::gamedvr_escape RegNtPreCreateKey
HKCU\system\gameconfigstore::gamemodeenabled  RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.1!7::name szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION RegNtPreCreateKey
HKLM\software\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.2!7::name szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION RegNtPreCreateKey
HKLM\software\microsoft\cryptography\oid\encodingtype 0\cryptdllfindoidinfo\1.3.6.1.4.1.311.60.3.3!7::name szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\mprapi::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelIoFileEx
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateNamedPipeFile
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateTransaction
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenKeyTransactedEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread

201 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Terminate
  • TerminateProcess
Encryption Used
  • BCryptOpenAlgorithmProvider
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock2
  • WSAStartup
Service Control
  • OpenSCManager
  • OpenService

Shell Command Execution

"C:\WINDOWS\system32\cmd" /c "\5AF5.tmp\5AF6.tmp\5AF7.bat c:\users\user\downloads\b9fd774b8390ebd6f0e2c3431248b84108bd9580_0000192512.exe"
"C:\WINDOWS\system32\cmd" /c "\3A84.tmp\3A95.tmp\3A96.bat c:\users\user\downloads\0ef7776f6c69b0e7243d6df1e9329acf15fdf5d8_0000124928.exe"
C:\WINDOWS\system32\timeout.exe timeout /t 300
(NULL) C:\Users\Aunvsbun\AppData\Local\Temp\c9818a0b029fee54cedf74badb99a578bad4ce6a_000028_patch-run.exe c:\users\user\downloads
(NULL) c:\users\user\downloads\SH1.exe
open C:\Users\Aunvsbun\AppData\Local\Temp\tidy.bat "C:\Users\Aunvsbun\AppData\Local\Temp\c9818a0b029fee54cedf74badb99a578bad4ce6a_000028_patch-run.exe" "DefaultSearchProvider" "HKEY_LOCAL_MACHINE\SOFTWARE\\" "GRPZWW" "S13SPB2Z_2025-08" "c9818a0b029fee54cedf74badb99a578bad4ce6a_000028_patch-run.exe" "Windows Registry Editor"
open C:\WINDOWS\system32\cmd /c "\F9D3.tmp\F9D4.tmp\F9D5.bat C:\Users\user\Downloads\SH1.exe"
WriteConsole: '"C:\Users\Aunvs
WriteConsole:
WriteConsole: c:\users\user\do
WriteConsole: duckstation-qt-x
WriteConsole: "SH1\Silent Hil
WriteConsole: 'duckstation-qt-
open C:\WINDOWS\system32\cmd /c "\8665.tmp\8666.tmp\8677.bat c:\users\user\downloads\8fb06cdd9dcd833647839ae420e95276d4c5eb6c_0000425472"
WriteConsole: rpcs3.exe
WriteConsole: "dev_hdd0\disc\
WriteConsole: 'rpcs3.exe' is n
"C:\WINDOWS\system32\cmd" /c "\55C2.tmp\55C3.tmp\55D3.bat c:\users\user\downloads\9c38714c0c2e34428d6a1cc6696f713ea5632357_0000386560"
"C:\WINDOWS\system32\cmd" /c "\3BAD.tmp\3BBE.tmp\3BBF.bat c:\users\user\downloads\4a164e8dbe73b2da6257d2bf1009df07b80a2f17_0000130048"
"C:\WINDOWS\system32\cmd" /c "\44F4.tmp\44F5.tmp\44F6.bat c:\users\user\downloads\236749837977f3175008054826e83e3d8875deac_0000288256"
C:\WINDOWS\system32\reg.exe Reg.exe add "HKCU\CONSOLE" /v "VirtualTerminalLevel" /t REG_DWORD /d "1" /f
C:\WINDOWS\System32\Wbem\WMIC.exe wmic path Win32_UserAccount where name="Wefmtfgw" get sid
C:\WINDOWS\system32\chcp.com chcp 65001
C:\WINDOWS\system32\timeout.exe timeout /t 1 /nobreak
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell -NoProfile Enable-ComputerRestore -Drive 'C:\'
"C:\WINDOWS\system32\cscript" \5787.tmp\5797.tmp\5798.vbs //Nologo
"C:\WINDOWS\system32\cmd" /c "\7510.tmp\7521.tmp\7522.bat c:\users\user\downloads\54d3e601f0362f0260dc63ffb0383b4c16acc88a_0000197632"
C:\WINDOWS\system32\tasklist.exe tasklist
C:\WINDOWS\system32\find.exe find /i "Topaz Photo AI.exe"
C:\WINDOWS\system32\reg.exe reg add "HKCU\SOFTWARE\Topaz Labs LLC\Topaz Photo AI" /ve /t "REG_SZ" /d "" /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\SOFTWARE\Topaz Labs LLC\Topaz Photo AI" /v "token" /t "REG_SZ" /d "null" /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\SOFTWARE\Topaz Labs LLC\Topaz Photo AI" /v "refreshToken" /t "REG_SZ" /d "null" /f
"C:\WINDOWS\system32\cmd" /c "\1E8B.tmp\1E8C.tmp\1E8D.bat c:\users\user\downloads\4a384fd363d71913ffcd1ff32d5177bf4cfd01d5_0000124928"
"C:\WINDOWS\system32\cmd" /c "\F278.tmp\F279.tmp\F289.bat c:\users\user\downloads\7c42c5412b11d3d96210fc00321dadd5cdea4f52_0000207360"
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "ModEnablerGUI.ps1"
"C:\WINDOWS\system32\cmd" /c "\3E13.tmp\3E14.tmp\3E15.bat c:\users\user\downloads\1b931bd11f9e199ffa56c51c9b6c07a66ccda9b2_0000498688"
C:\WINDOWS\system32\timeout.exe Timeout /t 3 /nobreak
"C:\WINDOWS\system32\cmd" /c "\6943.tmp\6944.tmp\6945.bat c:\users\user\downloads\e13d4b1ba84c28d29f02a0e2f3b6dff659c98162_0000164864"
C:\WINDOWS\system32\mode.com mode 58,20
C:\WINDOWS\system32\PING.EXE ping -n 3 ServerDmi
C:\WINDOWS\system32\find.exe find /I /C "maxim"
"C:\WINDOWS\system32\cmd" /c "\D638.tmp\D639.tmp\D63A.bat c:\users\user\downloads\68c16c0aeeec62811343f01e4630a3e44bde223b_0000124928"
"C:\WINDOWS\system32\cmd" /c "\7833.tmp\7834.tmp\7835.bat c:\users\user\downloads\a4c024144ed0426501eff263512dfcee08522e1f_0000124928"
"C:\WINDOWS\system32\cmd" /c "\2F83.tmp\2F84.tmp\2F85.bat c:\users\user\downloads\ec49c9c764b4480383549531a1cfe6525f8ea195_0000124928"
"C:\WINDOWS\system32\cmd" /c "\2B2E.tmp\2B2F.tmp\2B30.bat c:\users\user\downloads\252dbf03d926b7136c67bfb3de05eafbe65355d8_0000124928"
"C:\WINDOWS\system32\cmd" /c "\2EF7.tmp\2EF8.tmp\2EF9.bat c:\users\user\downloads\27b07ccc46b9b4c945571e0a1161884eb020d17c_0000124928"
"C:\WINDOWS\system32\cmd" /c "\92CC.tmp\92CD.tmp\92CE.bat c:\users\user\downloads\8f7afdfe373bf754270caff338177fbb3f89708c_0000390144"
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://ww1.goojara.to/
"C:\WINDOWS\system32\cmd" /c "\2A60.tmp\2A61.tmp\2A71.bat c:\users\user\downloads\87e696db924e184bc0196d0e41de697fb9775756_0000124928"
"C:\WINDOWS\system32\cmd" /c "\40FF.tmp\4110.tmp\4111.bat c:\users\user\downloads\6fceb2b243ad2891bdb5f83a4a5265295f7a1a91_0000124928"
"C:\WINDOWS\system32\cscript" \6CEB.tmp\6CEC.tmp\6CED.vbs //Nologo
open C:\WINDOWS\system32\cmd /c "\529.tmp\52A.tmp\53A.bat c:\users\user\downloads\0b3ed40c3254bdaea0248ccee0e08bee95d87768_0000194560"
"C:\WINDOWS\system32\cmd" /c "\243D.tmp\243E.tmp\243F.bat c:\users\user\downloads\1e0cb684e4942ecab68bef187528d3ecb97428c9_0000124928"
open C:\WINDOWS\system32\cmd /c "\A67C.tmp\A67D.tmp\A67E.bat c:\users\user\downloads\cc70fd6a175f62c802ae58e29cae0f23161e1419_0000346112"
C:\WINDOWS\regedit.exe C:\WINDOWS\Regedit.exe /S "C:\Users\Afbmviii\AppData\Local\Temp\~lvecdkp.tmp"
"C:\WINDOWS\system32\cmd" /c "\A61E.tmp\A62F.tmp\A630.bat c:\users\user\downloads\3cd15a87446ecc65f7973927ace1580d6583e76e_0000396800"
C:\WINDOWS\system32\timeout.exe timeout /t 5 /nobreak
"C:\WINDOWS\system32\cmd" /c "\5CBC.tmp\5CBD.tmp\5CBE.bat c:\users\user\downloads\273421244d56d006027a6f79d9f78e2425b071bf_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A66C.tmp\A66D.tmp\A66E.bat c:\users\user\downloads\11f5ebd1c47bc933e2e7d367ea10d85493c0dd62_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A2A3.tmp\A2A4.tmp\A2A5.bat c:\users\user\downloads\920d8083eac7051339505ce511cbc1a0c8a69661_0000124928"
open C:\WINDOWS\system32\cmd /c "\A69B.tmp\A69C.tmp\A6AD.bat c:\users\user\downloads\171b5435ddedef67ef01974659487a153bd9d68b_0000070144"
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-Type -AssemblyName PresentationFramework
"C:\WINDOWS\system32\cmd" /c "\A5FF.tmp\A60F.tmp\A610.bat c:\users\user\downloads\089f6dd6ccadf11626453eff2a81587a1ebeca43_0000124928"
"C:\WINDOWS\system32\cmd" /c "\1D18.tmp\1D19.tmp\1D2A.bat c:\users\user\downloads\260b9fbf8856cea37a9d473e4f831330f2870e8b_0000541184"
C:\WINDOWS\system32\mode.com mode con: cols=80 lines=25
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t REG_DWORD /d 0 /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d 1 /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d 0 /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "NetworkThrottlingIndex" /t REG_DWORD /d 4294967295 /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SchedulerResolution" /t REG_DWORD /d 1 /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d 0 /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehaviorMode" /t REG_DWORD /d 2 /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehavior" /t REG_DWORD /d 2 /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t REG_DWORD /d 1 /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\System\GameConfigStore" /v "GameDVR_Escape" /t REG_DWORD /d 0 /f
C:\WINDOWS\system32\reg.exe reg add "HKCU\System\GameConfigStore" /v "GameModeEnabled" /t REG_DWORD /d 1 /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Scheduling Category" /t REG_SZ /d "High" /f
"C:\WINDOWS\system32\cmd" /c "\A6CA.tmp\A6CB.tmp\A6DB.bat c:\users\user\downloads\dc8dd7f2ae7a4720ce9da482fc1e18e391dc94af_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BF7C.tmp\BF7D.tmp\BF8E.bat c:\users\user\downloads\4799380b2c8e621561a4de087cf1fcf427246400_0000124928"
"C:\WINDOWS\system32\cmd" /c "\AAF0.tmp\AAF1.tmp\AAF2.bat c:\users\user\downloads\4b96c15657b4e58f10f0b9370bb5bc46ec6f5f92_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A320.tmp\A321.tmp\A322.bat c:\users\user\downloads\75ed077c5dee2ed48a8ae0ac3f34245e9a9059a9_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BA8B.tmp\BA8C.tmp\BA8D.bat c:\users\user\downloads\2c3ee8c54a7dbbad4c4dec51153e894ddc754f26_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BBD3.tmp\BBD4.tmp\BBD5.bat c:\users\user\downloads\9af23c4b4ce5fbd0424d0dad1e1c5345eee5520b_0000124928"
open C:\WINDOWS\system32\cmd /c "\A69B.tmp\A69C.tmp\A69D.bat c:\users\user\downloads\299759b755109af6bec5dd18e3e7f97b77574085_0000157696"
WriteConsole: SET
WriteConsole: _JAVA_OPTIONS=
WriteConsole: PZ_CLASSPATH=is
WriteConsole: ".\jre64\bin\jav
WriteConsole: -Djava.awt.head
WriteConsole: The system canno
WriteConsole: PAUSE
WriteConsole: Press any key to
"C:\WINDOWS\system32\cmd" /c "\BBA4.tmp\BBA5.tmp\BBA6.bat c:\users\user\downloads\62c2466b5a960e98f66c5c012aaddacbe9f6f821_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BA8B.tmp\BA8C.tmp\BA8D.bat c:\users\user\downloads\17b6f58d83ecaf1584747ec03dab6db8273cbb16_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BB08.tmp\BB18.tmp\BB19.bat c:\users\user\downloads\e3ff040d59b02724f53aa50720bc19fafd781881_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A236.tmp\A237.tmp\A238.bat c:\users\user\downloads\46cd563ddbe1194a7ed362279628a41464f36082_0000416768"
"C:\WINDOWS\system32\cmd" /c "\A217.tmp\A227.tmp\A228.bat c:\users\user\downloads\4ddefef57c50124713cc427c9f1cc1460185fb3d_0000195072"
C:\WINDOWS\system32\mode.com mode con: cols=100 lines=40
"C:\WINDOWS\system32\cmd" /c "\A8E1.tmp\A8E2.tmp\A8E3.bat c:\users\user\downloads\a00e37a28d8bec694d871078e43531e9a1915386_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A255.tmp\A256.tmp\A267.bat c:\users\user\downloads\a571c5d07679ba1d1e041d70f403a3f8b1590b4f_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A61E.tmp\A61F.tmp\A620.bat c:\users\user\downloads\60197b35de8f237c3d0b56c767ef990bf871c807_0000124928"
"C:\WINDOWS\system32\cmd" /c "\494E.tmp\494F.tmp\4950.bat c:\users\user\downloads\f5e9fb891a8134ca96f9bc6a6e01a71a96b6279e_0000124928"
"C:\WINDOWS\system32\cmd" /c "\8F39.tmp\8F4A.tmp\8F4B.bat c:\users\user\downloads\578f62ce90020694653e65b7bf04ed2aff638c2b_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BB08.tmp\BB09.tmp\BB0A.bat c:\users\user\downloads\c61399e940956263eb34985bd9234aaa66fb843b_0000154112"
C:\WINDOWS\system32\cacls.exe "C:\WINDOWS\system32\cacls.exe" "C:\WINDOWS\system32\config\system"
C:\WINDOWS\system32\mode.com mode con: cols=120 lines=45
"C:\WINDOWS\system32\cmd" /c "\BB37.tmp\BB38.tmp\BB39.bat c:\users\user\downloads\d1e2f4ef271e0245431b9cf7560b1e95126956df_0000124928"
"C:\WINDOWS\system32\cmd" /c "\3548.tmp\3549.tmp\354A.bat c:\users\user\downloads\cdd0d4f819f6aa837e0db1aa7c68b003917cf30a_0000124928"
"C:\WINDOWS\system32\cmd" /c "\82EA.tmp\82EB.tmp\82EC.bat c:\users\user\downloads\e1f9a2144f6cc01e0f7bd1c8bc219b54b42873bf_0000124928"
"C:\WINDOWS\system32\cmd" /c "\1153.tmp\1154.tmp\1165.bat c:\users\user\downloads\50d0db6ebf4e68de69cb1989dd1843c836877907_0000124928"
"C:\WINDOWS\system32\cmd" /c "\B147.tmp\B148.tmp\B149.bat c:\users\user\downloads\60cdde159dd21cf13eaf11b1520a51c8ff52e74c_0000130560"
C:\WINDOWS\system32\certutil.exe certutil -f -delstore root CA131100001
C:\WINDOWS\system32\certutil.exe certutil -f -delstore root CA131100002
C:\WINDOWS\system32\certutil.exe certutil -f -delstore root GPKIRootCA1
"C:\WINDOWS\system32\cmd" /c "\9BA7.tmp\9BA8.tmp\9BA9.bat c:\users\user\downloads\00c1d671b8cb560df3f20323e4a522c0a2cec045_0000124928"
"C:\WINDOWS\system32\cmd" /c "\98C6.tmp\98D7.tmp\98E7.bat c:\users\user\downloads\40598e2e9adbb2bd0c705d8d419d93cd0f64bef3_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BABA.tmp\BABB.tmp\BABC.bat c:\users\user\downloads\0a964f506babcce5341b1ed2b36e3db1fdda6712_0000193024"
C:\Users\Nudhknac\AppData\Local\Microsoft\WindowsApps\python.exe python sun_times.py
"C:\WINDOWS\system32\cmd" /c "\E2C0.tmp\E2C1.tmp\E2C2.bat c:\users\user\downloads\dff1783daa3bf8c304cd055b53171aa2ad9572b3_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BAC9.tmp\BACA.tmp\BACB.bat c:\users\user\downloads\7a18440b22befae7db600233825a0cf7b6044076_0000124928"
"C:\WINDOWS\system32\cmd" /c "\AD41.tmp\AD51.tmp\AD52.bat c:\users\user\downloads\4062dc9618704c8e5ef26418acffa1175bb3260e_0000124928"
"C:\WINDOWS\system32\cmd" /c "\4BFA.tmp\4BFB.tmp\4BFC.bat c:\users\user\downloads\766d563bf38d9d46b1de128d20abcfb82e6060d0_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BAC9.tmp\BACA.tmp\BACB.bat c:\users\user\downloads\2bd7f0f9d85e7134cde5ca99dbb0bd9b4c417b3e_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A320.tmp\A331.tmp\A332.bat c:\users\user\downloads\1bcf2cf2e28f676f6c4685592e08a24a68e237c0_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BCF5.tmp\BCF6.tmp\BCF7.bat c:\users\user\downloads\2625286fc117d1d65421634f571712275fa4a286_0000135096"
C:\WINDOWS\system32\netsh.exe netsh interface ipv6 uninstall
C:\WINDOWS\system32\netsh.exe netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no
"C:\WINDOWS\system32\cmd" /c "\BD34.tmp\BD35.tmp\BD36.bat c:\users\user\downloads\227355f3eacf09d1e228d227ba26946b4a33b129_0000124928"
"C:\WINDOWS\system32\cmd" /c "\792A.tmp\792B.tmp\792C.bat c:\users\user\downloads\6eb9d51cafc5c5e9e57e06d130a01b695c784552_0000124928"
