Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Bitcoinminer.B

Trojan.Bitcoinminer.B

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 990
Threat Level: 80 % (High)
Infected Computers: 35,499
First Seen: May 5, 2017
Last Seen: April 30, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Bitcoinminer.B
Signature status: No Signature

Known Samples

MD5: 0171b5498f8ca3db93f21c1b1ba91bc9
SHA1: 507d1580c61411611c11ea7de9edbbe36465fc42
File Size: 124.93 KB, 124928 bytes
MD5: b7ae37a358c3a60ba1216bb9538865ec
SHA1: 8596107d4f1776b03e7277d8576a559cfc94f215
File Size: 124.93 KB, 124928 bytes
MD5: 9e6d2c1b3d0f26980b0e87333c7efb48
SHA1: 9e7207f4fa704adbc256477a428e11d54a4535a4
File Size: 609.28 KB, 609280 bytes
MD5: 469cc1c3d8e0e41a8491f95a15cbb10f
SHA1: b952e3e942866e9f52812a081f186c9706a96d97
File Size: 2.47 MB, 2467520 bytes
MD5: a427cc83f59a88790d00d4310df2ea46
SHA1: b014e09a5ad09df8d3145bfb9eab576210ee6d25
File Size: 125.95 KB, 125952 bytes
Show More
MD5: 5d8c96dd4c12a7a663649eb49a9d4c27
SHA1: 867a6c07eb8f2cbed4c5daf4272e3e734ddf88a0
File Size: 6.98 MB, 6976440 bytes
MD5: 430edaa30d952811e4d500d8b517bc42
SHA1: d85e6682b867043c98a3b50bc7c6f631f4af28c6
SHA256: 69CFFC90C27A32446D287656558ADC770851F02DF70D76F5A9695FA529ADEFD3
File Size: 124.93 KB, 124928 bytes
MD5: d7302cc47b42450516cf42452fcb7c16
SHA1: 3c058c9230156f07cc5a350d5de92b973e8445ee
SHA256: E2E3D70D415DC0540AD9F375DE5ADE947BF218D2C1F67FAB1052AF7184A6AB2C
File Size: 124.93 KB, 124928 bytes
MD5: 893c36485bb9e426387f7aa865879cd5
SHA1: 3102c741775bc8e6dec49cbb9e3d96df4aebbeec
SHA256: 095AF546022D231972D926F4DE66F4CAFBC5067E5366AF6F2D8541261D993DC4
File Size: 56.32 KB, 56320 bytes
MD5: c06fbdc3f1fa7d44f5e7b5270b836640
SHA1: 4a33e63b6ea9e9b981e7e220311157b776fea7dd
SHA256: 1348D078473F79C3182A2487BFE7862D791E99576B05CF3D69F9D43A50FE0C81
File Size: 134.66 KB, 134656 bytes
MD5: 8c559d545b66a739028979be0c236bc8
SHA1: 3ce7c3041d81b8d3a69f32e4578f3d9e31c3c4c2
SHA256: 4972A1161C84599B4468276B4507F9E3F5589BBDCEE3ECC5DF10EB061AC9D8A5
File Size: 124.93 KB, 124928 bytes
MD5: 498b4408e0cd384aa8ca242d559239bc
SHA1: 7de3ad5b027fc402f66dc9c2df18fa561d92e440
SHA256: 660F1064A774D9E37890905AF58E7BCF51026D0E103336459EE51A3A6613F714
File Size: 166.91 KB, 166912 bytes
MD5: 35cad6c66a72e086726e3dd10d05c9e3
SHA1: 4035aff8535231b07d1ae4ed7ffa15b4a55d196a
SHA256: BE8A6F2B49710CB5AEBE4B1621D4D3CEA3AD7BC04274BAB796590BDB1F00AC98
File Size: 1.39 MB, 1389568 bytes
MD5: 644ead0ac6aaec6743a9ed27716aaeb8
SHA1: 60d177d3166eaf84be0e21799f78666e9c5a653c
SHA256: 1547CBE02299B12C636438DCBCBBC6BE61BA7676DDF63451D0D481F8180B7086
File Size: 124.93 KB, 124928 bytes
MD5: e7a3e05a6ea13984630c0aa507096a54
SHA1: 9ce6248026c45a63eb57030e770e1ea5d3124aad
SHA256: 3227BE8A84B5E17134D2C08287A6417AC8DC41AA556CA18EF58DE7B942EE6300
File Size: 192.51 KB, 192512 bytes
MD5: 5a588fba2011169ca8d9df10de6b6aae
SHA1: 67ac61678a39a8c55f97347e47950ee3c7e88240
SHA256: D55F42243D611488AD21458B0ED8816D131ADE20825A3CF50AAA9AD0AB3B20DF
File Size: 125.44 KB, 125440 bytes
MD5: e476bf3252bd46ec718dba6fbc49311e
SHA1: ff648a3122ff41b9e04899a326a3e395360db339
SHA256: CB83A2F489C6531BF27F38DAD2C29D25A19809739CDA69C7DC4AFA18D9E3B3F4
File Size: 125.44 KB, 125440 bytes
MD5: 8997ff29ca0165fb6cc238d4bbfdf775
SHA1: e07aad8b31132bc60b9203ca02ec66a2bb2f4ebb
SHA256: 434DF5344FF7AAA712AA8D8CB8F05717338986CB90E966B5E34E35D840B2ED9B
File Size: 124.93 KB, 124928 bytes
MD5: e6eb6db201477af87faf0fb238c42a23
SHA1: 3e87e99f58d22ca9598ee42adcde03c61dea770e
SHA256: 9D19423AE86EB17EB80E44554ED6E8506A659FE31A6B23D1844863C3ED651886
File Size: 200.19 KB, 200192 bytes
MD5: 4ce05c3f77dc6a3ddc6f24621fc51f93
SHA1: c83084ab0583706cdedbeebb1038e23139a4863e
SHA256: CE396B36E025023C6ECF7239D880A82D3C145E08348436A8797133F71F17D6F2
File Size: 420.35 KB, 420352 bytes
MD5: 035b272a47146deb662d877bcbdc59f5
SHA1: fbaa97af9a099060096964cbe3442f586c23b99b
SHA256: 48B272B8F6C619E3962C4CBBA12468CF101BB20828F27762070EFB7F432A1575
File Size: 124.93 KB, 124928 bytes
MD5: dda4f41241984e313f63e722a4753163
SHA1: b0940de7906cfba46451fe26b3876b14a840a942
SHA256: 20502858584CC6C462F296D07C2B734978E9EA83892FA4AA0C2B8C66D59406E5
File Size: 124.93 KB, 124928 bytes
MD5: 7f8319eca42b296cb50621a16d2fea12
SHA1: 577eb647625b1a17cad61087a3ab556bc9c8c14c
SHA256: 683A76DAF6F90BB1626214309E05030758786DBD5483F61342E2909C502C9A8D
File Size: 2.34 MB, 2335936 bytes
MD5: 284c3768613510cd448c799a3066c5aa
SHA1: 3d52f331733b08fe9df8f4baa2fb472dc1b6edf3
SHA256: 17706E231887B272B0F7C4D620169DC926442C709DB37C013BD784E6D38782B3
File Size: 124.93 KB, 124928 bytes
MD5: cf4090c5aabe5bb88535ff9b1f44182c
SHA1: 3618038f48cf6b58e84e410b2c67662f00c71b94
SHA256: F5467A0B93FC62B7F55040A88A892D4D12B752D14B9AE8CDAFC86F240CBF33E7
File Size: 124.93 KB, 124928 bytes
MD5: 630200aaa5db40590d1538179098f064
SHA1: 46226928d9aa1cede2150a7fc9552c4bc0500b72
SHA256: B571455552D418591286754601B23D1144E9DD773D9551DF1FB2E1DA75048228
File Size: 124.93 KB, 124928 bytes
MD5: 4bc448b069026bd3199c9c0869f685fd
SHA1: 33c101a7edd4663d6b95b37f272c0c642f5580f1
SHA256: 6BA2543E5E49F54A5F964F34DB6052E9B94976B19CC48C152D033CCBFB3B8C0B
File Size: 302.59 KB, 302592 bytes
MD5: 10c606789c7a2550c40247923de12f83
SHA1: 76836ee9f95bac71718b7b695184295f260c7eff
SHA256: 62AF482DBEF3FC5789BE153EAD2296E3BB92BD1F83B812BFE568893E12525174
File Size: 1.38 MB, 1381376 bytes
MD5: b1f0fb116246bb84d1ce55f4968da30a
SHA1: d0e56bbe2685b97367da74174e9fcf2e7dc52019
SHA256: 1C0E0375F9BDE6486BB89A247B154E2CA33587F53C18717D4F7DB6B33C408531
File Size: 131.07 KB, 131072 bytes
MD5: a4f32ae070b7b0081c11cc5ed97f6c78
SHA1: c580c8abc543b00c13c60b281d70745592823983
SHA256: AF4723A105E42A6B431913EE6CF21D1CDC7349D4E7BD78F15FB1F13EC561DC21
File Size: 156.16 KB, 156160 bytes
MD5: 5df5298dc4fbeb88625bbe75a98ba792
SHA1: a97230e90386a3e555a5fb4488c53851e6ae3c0b
SHA256: 60DD1D773FA3E4538D3A8256590BE919242FD4C2DB88B0D70D1C1859C67D2D2A
File Size: 439.83 KB, 439832 bytes
MD5: f3d2a8f80ca8d01cd3e32d3a0421286d
SHA1: e4fff92b8d85d21ca37d174371af63fc8c1efd28
SHA256: E719C6FC1C9F7FC29F29DE48EF41863B648B9B21A8F7AB9C3894FEB5343BFFC2
File Size: 124.93 KB, 124928 bytes
MD5: 4bd60912c68e5508c201d2ad1ec3eafe
SHA1: 509be0d1dbda3363805abf15b586ea664670e6f4
SHA256: 6A9D323F5E90D167046CD1A2F23075A2634341CDCDE1826C3385B30F7C2DAAFE
File Size: 2.38 MB, 2383040 bytes
MD5: 03eb56c6ab758cb73cf912216657c3f7
SHA1: be13f704da48d07083a63650b42b052f69e00583
SHA256: CB7461CB7AC6B7C2DE3B7CFD27813025F76C993059865C36889FBD0C459E6AB2
File Size: 1.39 MB, 1391104 bytes
MD5: 1fa00a9802dd211bdfb91a2f790a8264
SHA1: 60538c664930bdfd48451fdac81cf2f3863da526
SHA256: A2F3CB92936099767AF3DAA339618990D7965AC90147AB6901BD49B4515A02A6
File Size: 124.93 KB, 124928 bytes
MD5: d0f5ab6e58b5fce326604c110c1fc61e
SHA1: 8422d5f27eb6bb840f12f14dcde6abd6023e50c2
SHA256: 12EB8218BFCC89FBBC7232D52679946E1F754AD9AB9E8CC89E44550FEB0D9070
File Size: 124.93 KB, 124928 bytes
MD5: df90651a898181f3aa886f504452f4ef
SHA1: 4a894e2ff26e6743a46ff53acd37c4f3936fec49
SHA256: F90706D64A70B23B7B4164DB12696F380AA8FD7CDC735D1F68568F38BF079F1C
File Size: 124.93 KB, 124928 bytes
MD5: 62a63cd6c3a1ba345bb2eeac110ec349
SHA1: e0a3ea609447e97c51b076f7944d55571de71d02
SHA256: 82187B61DC580FDE426F5B7CFEFBFB47BA8DF54BADE4C8DAC04C01AFFA1F3CF0
File Size: 1.99 MB, 1994240 bytes
MD5: 384127998fde63ee18d1c07cc5914ec8
SHA1: 69ee6161d1c63e7cb71579e62700951ad4700072
SHA256: D613BCFC3ADEF343F42083BBB15EDA302A70700975FD5E7F3BF2073609DD1C02
File Size: 202.75 KB, 202752 bytes
MD5: 8436f20f5d08714d1480c718fdc5f788
SHA1: 289871f8b56bf515585affc9a283e7a8d5e342d1
SHA256: B4A05F5895F93C7047EDF4D7853395C74B5188958B504896C15BDBAF2D9D4621
File Size: 395.78 KB, 395776 bytes
MD5: 742a090bcb62cdebe5e15219d06132db
SHA1: 1719bbb1f4907a8fbd0217171be8fc216e6bc45f
SHA256: 7F483FF290CE0EEB86DDD80B0250F7046BCD46CB99102D8E6E6CB0CB0E7F8A52
File Size: 2.37 MB, 2373848 bytes
MD5: 30c410e3da0be5f6b537c07834082d94
SHA1: 29a4f4d67c53501088a963792ee779a3c942169b
SHA256: 08A95B44009ED5060F2E4D6E3FB7CEBEBF598213C5D0C95E3B1218827436A082
File Size: 171.52 KB, 171520 bytes
MD5: 7478c7a335034589bd89bbf4c64c6cfd
SHA1: a8954440ddb5a1c8ec5dfa0e55e3be9b856689a0
SHA256: AFDDE6BBA9E397CC7FD20E8F008D4A5BAF181D71174200BBC7794BDBFCB15BAE
File Size: 122.37 KB, 122368 bytes
MD5: 72b8521c7a4c3da3c4190fa7dacd1985
SHA1: 2081dc1969dc4ba0518f4e810aa6c27f67a8c501
SHA256: 51C46C3881C30063B6514C73D0AF4DC69EE514D7588C44F089FF6512C46ECE1B
File Size: 313.34 KB, 313344 bytes
MD5: b8ace74ad1dfe4fdcf07d50472173876
SHA1: 4e1fa9be96e6ccee2ac7ab32682275972e932d15
SHA256: 98FEE43A4ED7CB19779AFAF528A99D799F50A67C51A8D97DC43F2F72C2822F0C
File Size: 124.93 KB, 124928 bytes
MD5: cc6eec268744366263def66f84e74872
SHA1: 584e337c3a2fbc6997df041f59607a69b13d2c31
SHA256: 1E6D72C6CA09C056AC84D97DB2FD480228D4229DB91D6F0E453F1EE60BE8143A
File Size: 733.18 KB, 733184 bytes
MD5: 902869f65f5f0ec1dbe6a7b0757e66e3
SHA1: ae48dbe95f226204cf7e73b416cf9e9578e26b4a
SHA256: 135B59A4A04FC604D8DD651E3CF5991CCC169DE0E36578B3009EEAA3B6E4B582
File Size: 2.89 MB, 2885632 bytes
MD5: b562aa6803d987e489cafcc170501c30
SHA1: 1193ef7e0d9f6e49f6ab447208207ec5c452a99b
SHA256: 4936EA624A03858293DF125778439F3816679237F6666A5C22FB7FF275E025D3
File Size: 2.31 MB, 2305728 bytes
MD5: f9fa7eef64ab403b69991a6b4d194281
SHA1: 5d87ae8a2dba7184f9faae5b0cc8fc22e8273ea8
SHA256: FA3C807F1B5D94139063CA0A0C326D54B861F3C0DAB426C51E778C579B04EEDC
File Size: 131.58 KB, 131584 bytes
MD5: 16684e3cb551e30b957b5a6227b29708
SHA1: e87934e3e66b65dad588cc80a895393a9bceab71
SHA256: 1187E89C7BB89D0DBC73B4587AC1BA9C670EA1AFC5B7CF7FBE6D0EC10F170C24
File Size: 124.93 KB, 124928 bytes
MD5: c292113ff3322d56571b38638a15e9a7
SHA1: 12c6361366a9bc9c96d2dac90c4ed970c5003761
SHA256: 199A9CAF9C83DB5999A37CDFF32FC206E1F13ED2BED69557FE980689A3393348
File Size: 230.40 KB, 230400 bytes
MD5: c7708f078d36803e8a8c0df8a5784f72
SHA1: 953426f50c4362d14cb1c805b81e54408eb94193
SHA256: AA6B5777B63953EE8EF262194C7567FCE541F9FE5DADE2AC88CF8F051C4DBF38
File Size: 390.81 KB, 390812 bytes
MD5: 829e38373c140fedbb680e28b0b30396
SHA1: 8924940d92de0f33362d92bad6a90ab56b7270dc
SHA256: 6C4964B6909DCE623E8DE2894AE8A6303642603E2C9F7B9F8DE16657BAA0A912
File Size: 124.93 KB, 124928 bytes
MD5: eb2ccb4b482433e81cd75b5c9d30a1c8
SHA1: fdaa92d6b8b52113553f0e04eb4502912c81ad32
SHA256: 583FBAAB9004EAE15F4D7411417B1466E0F7D278263054C2185054D716A8E12E
File Size: 253.95 KB, 253952 bytes
MD5: 7b05828dc1a6a923e6721825a99240a2
SHA1: 8d3230fc6f6e1182f6bfabeb14afe94952f9d087
SHA256: FD14480F7E0511A665493B4B6D45E225A4917764ABF31D1215DCCA6C2A469800
File Size: 124.93 KB, 124928 bytes
MD5: c4505268206d8ad6a2b1980b1dad746e
SHA1: acde9d7658f6bd186ed7cef138898968f448e2f5
SHA256: F65CFB39615824CD5172344087F4A4402CC06AF6C214F5EEB6E92998EE2105B1
File Size: 2.38 MB, 2383040 bytes
MD5: 857ca8948bbfa6939b6986b187458016
SHA1: fa1ac40ba69062af76b634bc761a7cd0dd25e35f
SHA256: A6E87DCE058897322E53005E0B0D8933AB37F677AFBE440AC46A9D4734E4480A
File Size: 189.44 KB, 189440 bytes
MD5: 3a7998d1be8383d93fe2ee6bccc3c5da
SHA1: beca274c0ea4965a4de9a3117e3724225fa8d6cb
SHA256: F2C2F9B82F4B6184987A264B840C01A04D65585F7AE120E81A3656D5553D20BB
File Size: 124.93 KB, 124928 bytes
MD5: c795bf78150e18bb7017cf3140370f97
SHA1: 343bf94d8981d1fac31c6e969a9cffd55489601a
SHA256: 058039B49574A6354B08B4628597AD2125DBE74F64ED960C9B4F54AA5D90B066
File Size: 124.93 KB, 124928 bytes
MD5: ec8d8a44ab49241286fe272bb8ec2c8f
SHA1: 2e3c05edb1816e17479254ea2a0ebb490195f36e
SHA256: 1B4BA54B5BAEF177A2334B80B4836546A72DAFCD2131381EF0B8EECEDCD8AFF8
File Size: 124.93 KB, 124928 bytes
MD5: 3e1aa22c5a7d1a3dfbdde6741e17eb76
SHA1: eb6ab94de94f6ff27cb511a457e03a4d0e1f277d
SHA256: 0AA8D504D6FA3C62CAC02DC4E2974074F5AD2514E17D523F0C38976E4D06B330
File Size: 124.93 KB, 124928 bytes
MD5: 1d7d36b88c26d63648b17a5382526a69
SHA1: 3eb21cf3d45f126df1fd864909f65ad48e00766c
SHA256: D4DD3F3B2C88D954E9100B47891075214DF02D8B214C404C0596BD4309067605
File Size: 145.41 KB, 145408 bytes
MD5: 7875538140b9f21fc821e48d8c528346
SHA1: 08767b6e2beb85829ea5019e9175f9a76bdc1bca
SHA256: CDCD7E4E1942CA092A0EFA45E719B9AFB56E82CC4EEFA28A4E86B267D0EF4C9F
File Size: 428.03 KB, 428032 bytes
MD5: 175f742694260788aa074136ec025433
SHA1: 4ba18a9c6315a9c5bfe91077fc4b21a864c2157c
SHA256: F8CD1BC3E8F897878999C3AAEA95C27A6F064197C1F0CCA35EF743C89D700C3F
File Size: 93.70 KB, 93696 bytes
MD5: d457745f770b003574311f7fbd79c6e9
SHA1: c8df69a06f09877c166540187d439fb56929e509
SHA256: B3366FAC6DAF9B16F9B251694C9A493DBE5335EED668F0889187D7A1B1301B21
File Size: 253.95 KB, 253952 bytes
MD5: 1000909d45c627973f4c0f89f1a5b9a1
SHA1: 3829d175cf0eb89144ada6e958a7be6c62237f23
SHA256: EDBA730535B62A18F2138F3BD85856D605DF4EEFA41190E0B98E57D818B88492
File Size: 92.16 KB, 92160 bytes
MD5: 1eab79fac8035921b926ba86d6f841a3
SHA1: b9e75ce15361eba036ee792dcf0dc01d19125d9a
SHA256: 88DF039AF3542D10A175902E55962DBE4F773AB3D0BDAFAE833CC6FDFE030473
File Size: 124.93 KB, 124928 bytes
MD5: 2d5e5b93e25c6c173b400c556118f82a
SHA1: ef4c8a5689d192c330906c02ae3f2fe79033bfe7
SHA256: 8CA1C01B5785D0645B94E61C9FF5EEC911E359C282D9FCF352D94DD6EF185F7F
File Size: 124.93 KB, 124928 bytes
MD5: 671ffb7f36705469eed9a3d8fb8c5595
SHA1: ed765735450d2b17a08e6dc971091cab48a158b1
SHA256: F0AD0C6FD560EC88A1BCC2F8DE9558B5E85772690552295DE1E01569BB65B485
File Size: 425.47 KB, 425472 bytes
MD5: 63cebc23cd53dc798d2194abbcd56a36
SHA1: 5744da77d9609a8246e46caf54b5fc92c5b0a405
SHA256: 52FDA16798C4307A5E20AD2E2CD0586D3168CC677FC4A2F6EFB16AA2E06AD86A
File Size: 2.37 MB, 2366976 bytes
MD5: 5bb09ca47acb2071bd85fd62d115fc5d
SHA1: 464a6c8a1f67251fe958919a2e9a5cfd3c33ceff
SHA256: 3D1531604A94DA2E2782C80BE4C2C283441F308969C795F4A1C04B1ACD275891
File Size: 5.74 MB, 5735856 bytes
MD5: c67638f5b804064d0796dab59ab52c53
SHA1: 1bd5e22f23fae4ec0aa53d413048316374076f9e
SHA256: 1349D45AFD18B43E5E5DBCE99A246B89E2536EF562E7EDFF8AAF101C78001F9D
File Size: 325.63 KB, 325632 bytes
MD5: adbdd5e4f378d96a75bed17dc52ca505
SHA1: ba09ff652749815b99accb951a262cf529f16b9a
SHA256: 622B442CA74C849CE5E1E4D5155F0704BCE2956ED20899A913B7B4F45ACB0934
File Size: 124.93 KB, 124928 bytes
MD5: a916a65f13ab56b93f38f4d96f4115bf
SHA1: 69f27cc4a105c3e1f5a48a00089b7fd26212b186
SHA256: 769AFEBFC3B4F0F6033B3DDD4B61DAFADFFB191FE58C25C2396A8CB7C55BD891
File Size: 127.49 KB, 127488 bytes
MD5: cdcf6d8782c460849c6504c878e64c91
SHA1: 6007bcd32f98d54e911dbaf0276324fd119525a7
SHA256: 6D18001EA27C55A24B8A47850B70B3261CA58086B72E5A1C9B10F6CE3DFAED8E
File Size: 926.21 KB, 926208 bytes
MD5: 9f1edf4056792d0ae1d35e6b4a72351a
SHA1: a944746f39122e701a87b0c8ec84895e31932487
SHA256: C48F7654C68961E2D937CA3C87A97807775D8F288F041B1BE5FD96F841F8D617
File Size: 2.18 MB, 2183680 bytes
MD5: bc8f75163b27e0a7c0c80d75500319f6
SHA1: 4adf8c2a40aab5126a48abc265b9df0862bd4654
SHA256: A9F2382A3BBA4FDB91FDEF6393738FB0BAA5408D2C96509D46243F9283AF82A8
File Size: 124.93 KB, 124928 bytes
MD5: 44a4901aa1f252a616c04acf45a21338
SHA1: 0a34e8b4664360105b9665df7cd3a04459eba5fe
SHA256: F797644030E596655876EEBADD8E9B9DDF499F7D297428D5FF26212F5446C469
File Size: 124.93 KB, 124928 bytes
MD5: b5c3933e9a59f4461ed47deed8987659
SHA1: eeaa78b007f61dce6778c77d9ff2f1332201d49f
SHA256: 809977E8D241735BC4BF9EFCEDD139CD661E2F2879D11AC5E84B0BD337B38E24
File Size: 75.26 KB, 75264 bytes
MD5: 87b15868769051900ed048ca617b9969
SHA1: 4d8c418120802c6a53dad8410eb437a6d6c09ab8
SHA256: C1F92C92B244C79CA4ADC849606ABF78B8308C394C2D109B5CE4256759E20C3C
File Size: 173.57 KB, 173568 bytes
MD5: d4b831b8f4161ebb0a328b8dc13b4a65
SHA1: 8e5c8c3c57af2b39411e9f3a34d9590182493908
SHA256: 2A9DF2B6E7B20C5BD5732C4F5A00E6C278105A8084329A1B68B958A3C3DA6597
File Size: 124.93 KB, 124928 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
Show More
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

38 additional icons are not displayed above.

Windows PE Version Information

Name Value
Builder Admin 15:39:32 14/05/2024
Comments
  • BY:Mohamed El Assiouty
  • Bypass Windows Password
  • Created with InstallForge 1.4.4
  • Thanh Phan
  • This installation was built with Inno Setup.
Company Name
  • AZJIO
  • BY:Mohamed El Assiouty
  • Cheathappens
  • CryptoNick Soft
  • CryptoNick Soft™
  • DIGITAL STORM
  • Elite Tec - Informática
  • Ipiranga Agroindustrial
  • Jgc7
  • Microsoft Corporation
Show More
  • Nikzzzz Soft
  • RIA-TEC
  • Team AntiLag
  • TeraByte Unlimited
  • www.schote.biz
Created 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Email
  • CryptoNickSoft@gmail.com
  • info@dirsync.de
File Description
  • Atualizador de apps
  • Bypass Windows Password
  • ChkDskGui
  • Convierte archivos .html a ejecutables portables para Windows (x64).
  • DIGITAL STORM OA3 INJECTION
  • DirSync sichert Daten - einfach und schnell
  • TeraByte Program Launcher for WinPE
  • The Wolf Among Us [1.21] Sprachpatch
  • Timer windows
  • Windows Login Unlocker
Show More
  • Windows Update Client
  • www.facebook.com/MohamedHassanAbdElMawgoud/
  • Распаковщик\упаковщик прошивок и образов разделов
File Version
  • v0.1
  • 2019.4.1.3
  • 10.0.19041.1
  • 5.0.0.1
  • 4.3.0.3107
  • 4.0.0.0
  • 3.0.1
  • 2.3.0.6404
  • 1.31.0.0
  • 1.21
Show More
  • 1.19.5.01
  • 1.5.0.0
  • 1.4.0.0
  • 1.1.3
  • 1.0004
  • 1.0001
  • 1.0000
  • 1.00
  • 1.0.22
  • 1.0.0.5
  • 1.0.0.0
  • 1,0,0,0
  • 0.0.0.1
Internal Name
  • 1.03
  • 09-08-2018
  • 12-15-2018
  • Atualizador de apps
  • BY:Mohamed El Assiouty
  • DIGITAL STORM
  • DirSync
  • MIK64.exe
  • REALESRGAN超分辨率工具
  • TBLauncher.exe
Show More
  • TEAM Fix 1.1.3 Installer
  • TJprojMain
  • WLU_x64.exe
  • WTS
  • wuauclt
Legal Copyright
  • (c)Nikzzzz
  • AZJIO
  • Copyright (C) 2012-2023 TeraByte, Inc. All Rights Reserved.
  • Copyright 2018-2024 © CryptoNickSoft™
  • CryptoNickSoft@gmail.com
  • Elite Tec - Informática
  • Jonas.marinho@ipirangaagro.com.br
  • MartyFiles
  • Stephen Kalisch
  • Thanh Phan-DIGITAL STORM 2019
Show More
  • ©2022
  • © Microsoft Corporation. All rights reserved.
  • © Mohamed Hassan
  • 哔哩哔哩 @ 上nm网课呢
Legal Trademarks
  • +201003592115
  • DIGITAL STORM
  • Microsoft® Windows® Operating System
Original Filename
  • BY:Mohamed El Assiouty
  • DirSync.exe
  • legendware
  • MIK64.exe
  • NCP
  • OA3 INJECTION
  • TBLauncher.exe
  • TEAM Fix 1.1.3 Installer.exe
  • TJprojMain.exe
  • Windows Timer Shutdown
Show More
  • WLU_x64.exe
  • wuauclt.exe
Private Build
  • .12.21.21.
  • BY:Mohamed El Assiouty
Product Name
  • Atualizador de apps
  • ChkDskGui
  • Darksiders 3
  • DirSync
  • HTML2EXE
  • Immortal Unchained
  • legendware
  • Multi Image Kitchen
  • NoControlPainel
  • OA3 INJECTION
Show More
  • Project1
  • qBittorrent OneClick
  • REALESRGAN超分辨率工具
  • Roblox
  • TBLauncher
  • TEAM Fix Setup
  • The Wolf Among Us by goldenboy
  • TimerWTS
  • Valkyria Chronicles 4
  • Win10herramienta
  • Windows Login Unlocker
  • Windows Update
  • 一件翻墙
Product Version
  • 139430
  • 70199
  • 65248
  • 2019.4.1
  • 10.0.19041.1
  • 5.0.0.0
  • 4.3.0.3107
  • 4.3.0
  • 4.0.0.0
  • 3.0.1
Show More
  • 2.3.0.6404
  • 1.31.0.0
  • 1.21
  • 1.19.5.01.10.4
  • 1.5.0.0
  • 1.4.0.0
  • 1.1.3
  • 1.1
  • 1.00
  • 1.0.0.5
  • 1.0.0.0
  • 0.22
Special Build
  • BY:Mohamed El Assiouty
  • Para Cerec
Website www.DirSync.de

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • packed
  • VirtualQueryEx
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 270
Potentially Malicious Blocks: 3
Whitelisted Blocks: 267
Unknown Blocks: 0

Visual Map

x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.OCD
  • Autoit
  • Bitcoinminer.B
  • Bitcoinminer.BB
  • Bitcoinminer.BBG
Show More
  • Delf.Q
  • Gamehack.BQ
  • Gamehack.PA
  • HackKMS.C
  • PShell.A
  • PShell.B
  • Philadelphia.A
  • Philadelphia.B

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c: Read Attributes,Synchronize,Write Attributes
c:\1053.tmp\1063.tmp\1064.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\1559.tmp\155a.tmp\155b.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\16da.tmp\16db.tmp\16eb.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\19d3.tmp\19e3.tmp\19e4.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\1a2e.tmp\1a2f.tmp\1a30.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\1d86.tmp\1d87.tmp\1d88.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\1e6b.tmp\1e6c.tmp\1e7d.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\1f13.tmp\1f14.tmp\1f15.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\20de.tmp\attapps.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\21ab.tmp\samkwang-guest.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\2924.tmp\2925.tmp\2926.ps1 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\2be7.tmp\2be8.tmp\2be9.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\2e06.tmp\2e17.tmp\2e18.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\3010.tmp\3011.tmp\3022.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\309e.tmp\309f.tmp\30a0.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\3d05.tmp\3d15.tmp\3d16.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\3def.tmp\3df0.tmp\3df1.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\3f8a.tmp\3f8b.tmp\3f8c.ps1 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\44b6.tmp\44b7.tmp\44b8.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\46e8.tmp\46e9.tmp\46f9.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\48ed.tmp\48fe.tmp\48ff.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4949.tmp\494a.tmp\495b.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\49d6.tmp\49e7.tmp\49e8.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\4efe.tmp\4eff.tmp\4f00.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5257.tmp\5267.tmp\5268.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\554e.tmp\554f.tmp\5550.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5744.tmp\5754.tmp\5755.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5799.tmp\579a.tmp\579b.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5864.tmp\5865.tmp\5866.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\5be.tmp\5bf.tmp\5c0.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\60d3.tmp\60e4.tmp\60e5.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\6bf.tmp\6c0.tmp\6c1.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\7782.tmp\7792.tmp\7793.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\793c.tmp\793d.tmp\793e.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\95ae.tmp\95bf.tmp\95c0.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a207.tmp\a218.tmp\a219.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a226.tmp\a227.tmp\a228.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a246.tmp\a256.tmp\a257.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a60e.tmp\a60f.tmp\a610.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a62e.tmp\a62f.tmp\a63f.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a69f.tmp\a6a0.tmp\a6b1.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a6ab.tmp\a6ac.tmp\a6ad.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a6ba.tmp\a6bb.tmp\a6cc.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a6e9.tmp\a6ea.tmp\a6fb.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a718.tmp\2016.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a728.tmp\a738.tmp\a739.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\a737.tmp\a748.tmp\a749.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\af92.tmp\launcher.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b6b2.tmp\user.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b6e1.tmp\b6e2.tmp\b6e3.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b72f.tmp\b730.tmp\b731.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bbf2.tmp\bbf3.tmp\bbf4.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\cc7d.tmp\cc7e.tmp\cc7f.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\d247.tmp\d258.tmp\d259.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\de19.tmp\de1a.tmp\de1b.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\e1c2.tmp\e1c3.tmp\e1c4.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\f17b.tmp\f17c.tmp\f17d.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\f222.tmp\f223.tmp\f224.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\f7fa.tmp\f80b.tmp\f80c.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\soft\launcher64\cdboot.f35 Generic Write,Read Attributes
c:\soft\launcher64\cdboot.f35 Synchronize,Write Attributes
c:\soft\launcher64\cdboot.ifd Generic Write,Read Attributes
c:\soft\launcher64\cdboot.ifd Synchronize,Write Attributes
c:\soft\launcher64\cdboot.ifl Generic Write,Read Attributes
c:\soft\launcher64\cdboot.ifl Synchronize,Write Attributes
c:\soft\launcher64\exclude_list_help.txt Generic Write,Read Attributes
c:\soft\launcher64\exclude_list_help.txt Synchronize,Write Attributes
c:\soft\launcher64\findlbaf.exe Generic Write,Read Attributes
c:\soft\launcher64\findlbaf.exe Synchronize,Write Attributes
c:\soft\launcher64\findlbaf.txt Generic Write,Read Attributes
c:\soft\launcher64\findlbaf.txt Synchronize,Write Attributes
c:\soft\launcher64\findlbaf64.exe Generic Write,Read Attributes
c:\soft\launcher64\findlbaf64.exe Synchronize,Write Attributes
c:\soft\launcher64\ifw.ini Generic Write,Read Attributes
c:\soft\launcher64\ifw.ini Synchronize,Write Attributes
c:\soft\launcher64\ifwhelp.chm Generic Write,Read Attributes
c:\soft\launcher64\ifwhelp.chm Synchronize,Write Attributes
c:\soft\launcher64\ifwlang.dll Generic Write,Read Attributes
c:\soft\launcher64\ifwlang.dll Synchronize,Write Attributes
c:\soft\launcher64\ifwlang64.dll Generic Write,Read Attributes
c:\soft\launcher64\ifwlang64.dll Synchronize,Write Attributes
c:\soft\launcher64\imagew.exe Generic Write,Read Attributes
c:\soft\launcher64\imagew.exe Synchronize,Write Attributes
c:\soft\launcher64\imagew64.exe Generic Write,Read Attributes
c:\soft\launcher64\imagew64.exe Synchronize,Write Attributes
c:\soft\launcher64\keyhh.exe Generic Write,Read Attributes
c:\soft\launcher64\keyhh.exe Synchronize,Write Attributes
c:\soft\launcher64\launcher-sample.ini Generic Write,Read Attributes
c:\soft\launcher64\launcher-sample.ini Synchronize,Write Attributes
c:\soft\launcher64\launcher.exe Generic Write,Read Attributes
c:\soft\launcher64\launcher.exe Synchronize,Write Attributes
c:\soft\launcher64\launcher64.exe Generic Write,Read Attributes
c:\soft\launcher64\launcher64.exe Synchronize,Write Attributes
c:\soft\launcher64\launcher64_lang.dll Generic Write,Read Attributes
c:\soft\launcher64\launcher64_lang.dll Synchronize,Write Attributes
c:\soft\launcher64\launcher_lang.dll Generic Write,Read Attributes
c:\soft\launcher64\launcher_lang.dll Synchronize,Write Attributes
c:\soft\launcher64\multicastsender.exe Generic Write,Read Attributes
c:\soft\launcher64\multicastsender.exe Synchronize,Write Attributes
c:\soft\launcher64\multicastsender64.exe Generic Write,Read Attributes
c:\soft\launcher64\multicastsender64.exe Synchronize,Write Attributes
c:\soft\launcher64\partinfg.exe Generic Write,Read Attributes
c:\soft\launcher64\partinfg.exe Synchronize,Write Attributes
c:\soft\launcher64\partinfg64.exe Generic Write,Read Attributes
c:\soft\launcher64\partinfg64.exe Synchronize,Write Attributes
c:\soft\launcher64\phylock Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.2k.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.2k.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.nt.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.nt.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.w10.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.w10.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.w10.x64.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.w10.x64.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.w7.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.w7.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.w7.x64.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.w7.x64.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.x64.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.x64.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\phylock.xp.sys Generic Write,Read Attributes
c:\soft\launcher64\phylock\phylock.xp.sys Synchronize,Write Attributes
c:\soft\launcher64\phylock\readme.txt Generic Write,Read Attributes
c:\soft\launcher64\phylock\readme.txt Synchronize,Write Attributes
c:\soft\launcher64\phylock\setup.exe Generic Write,Read Attributes
c:\soft\launcher64\phylock\setup.exe Synchronize,Write Attributes
c:\soft\launcher64\protectit.inf Generic Write,Read Attributes
c:\soft\launcher64\protectit.inf Synchronize,Write Attributes
c:\soft\launcher64\tbicd2hd.exe Generic Write,Read Attributes
c:\soft\launcher64\tbicd2hd.exe Synchronize,Write Attributes
c:\soft\launcher64\tbinotify.exe Generic Write,Read Attributes
c:\soft\launcher64\tbinotify.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview Synchronize,Write Attributes
c:\soft\launcher64\tbiview.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview64.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview64.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview64_lang.dll Generic Write,Read Attributes
c:\soft\launcher64\tbiview64_lang.dll Synchronize,Write Attributes
c:\soft\launcher64\tbiview\keyhh.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\keyhh.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\setupdrv.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\setupdrv.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\setup.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\setup.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\setupx64.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\setupx64.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd64.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd64.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w10.cat Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w10.cat Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w10.inf Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w10.inf Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w6.cat Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w6.cat Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w6.inf Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\tbihd_w6.inf Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\x64 Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\x64\tbihd_w10.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\x64\tbihd_w10.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\x64\tbihd_w6.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\x64\tbihd_w6.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\x86 Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\x86\tbihd_w10.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\x86\tbihd_w10.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbihd\x86\tbihd_w6.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbihd\x86\tbihd_w6.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount.2k.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount.2k.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount.nt.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount.nt.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount.w10.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount.w10.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount.w10.x64.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount.w10.x64.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount.x64.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount.x64.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount.xp.sys Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount.xp.sys Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount64.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount64.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount64_lang.dll Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount64_lang.dll Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount_lang.dll Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount_lang.dll Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimount_readme.txt Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimount_readme.txt Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbimsc.exe Generic Write,Read Attributes
c:\soft\launcher64\tbiview\tbimsc.exe Synchronize,Write Attributes
c:\soft\launcher64\tbiview\tbiview.chm Generic Write,Read Attributes

192 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe Ԟ؁Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ㌖Ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 쿘Ⱪ᛫ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 旽䄶♈ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 통䂽♖ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 陞䃂♖ǜ RegNtPreCreateKey
Show More
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 쬸壔⚔ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ⿃䟼⚸ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ⚎⛢ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 쬃컥✒ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 쇻굞⦣ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䛟⦵ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 吹⹉ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 罸튝㕏ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㝏㚶ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㚶ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 솣㚶ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 溒㚶ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 쁦왇䷛ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 룅᥵专ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 삊溕俞ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ハ쫦分ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ౺剹ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 앿苎嗠ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ꨩ귵壕ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ߖ藜孭ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ⾾蘵孭ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 뾶㿪椂ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 毤泇ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 듃渧ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 뵞‚産ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 홁ᙳ筎ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\mshta.exe::vbscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 믽酊簉ǜ RegNtPreCreateKey
HKLM\software\classes\.torrent:: qBittorrent.torrent RegNtPreCreateKey
HKLM\software\classes\qbittorrent.torrent:: qBittorrent RegNtPreCreateKey
HKLM\software\classes\qbittorrent.torrent\defaulticon:: c:\Users\user\downloads\App\qBittorrent\QBicon.ico RegNtPreCreateKey
HKLM\software\classes\qbittorrent.torrent\shell\open::multiselectmodel Player RegNtPreCreateKey
HKLM\software\classes\qbittorrent.torrent\shell\open\command:: "c:\Users\user\downloads\qBittorrentPortable.exe" "%1" RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㢔検紷ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 怮椣紷ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 厯읥肳ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㮃萁ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㼘蓮ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 蓮ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 냯ഘ藊ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 酓豵ǜ RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001 Windows Network Diagnostics RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 管訛ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 朥貔ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ꩘渓邸ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 잿∷銭ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 楯ዱ鯀ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 콜鸝ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 枯髣ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ꒰ꡗꈉǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ≆ėꈑǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ᶿ院ꈥǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 陧ꈥǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 료韚ꈥǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 敻颳ꈥǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 䅅ᇟꗘǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 퍌婇ꮝǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 㕃鷥꼎ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 鷯꼎ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 릖둋ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 裐둋ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 養빊ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ㆅ쉦ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 耺㙥앝ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 쑄㙬앝ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 捡鹤옕ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 닙黋옕ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 횅艿쑹ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ŏ椿쪩ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ٯ朿켧ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\explorer.exe Ṑ杹켧ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 巭虀휦ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateResourceReserve
Show More
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelIoFileEx
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateNamedPipeFile
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteAtom
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtLockVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySecurityPolicy
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemEnvironmentValueEx
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey

228 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Network Winsock2
  • WSARecv
  • WSAStartup
  • WSAttemptAutodialName
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Network Winsock
  • accept
  • bind
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getpeername
  • getsockname
  • inet_addr
Show More
  • recv
  • send
  • setsockopt
  • socket
Process Terminate
  • TerminateProcess
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Icmp
  • IcmpCreateFile
  • IcmpSendEcho2Ex
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetSetOption
Network Winhttp
  • WinHttpOpen

Shell Command Execution

"C:\WINDOWS\system32\cmd" /c "\E1C2.tmp\E1C3.tmp\E1C4.bat c:\users\user\downloads\507d1580c61411611c11ea7de9edbbe36465fc42_0000124928.exe"
C:\WINDOWS\system32\timeout.exe timeout /t 300
"C:\WINDOWS\system32\cmd" /c "\309E.tmp\309F.tmp\30A0.bat c:\users\user\downloads\8596107d4f1776b03e7277d8576a559cfc94f215_0000124928.exe"
"C:\WINDOWS\system32\cmd" /c "\49D6.tmp\49E7.tmp\49E8.bat c:\users\user\downloads\d85e6682b867043c98a3b50bc7c6f631f4af28c6_0000124928"
C:\WINDOWS\system32\takeown.exe takeown /f /r /d y
Show More
C:\WINDOWS\system32\takeown.exe takeown /f
"C:\WINDOWS\system32\cmd" /c "\5257.tmp\5267.tmp\5268.bat c:\users\user\downloads\3c058c9230156f07cc5a350d5de92b973e8445ee_0000124928"
open C:\WINDOWS\system32\cmd /c "\3D05.tmp\3D15.tmp\3D16.bat c:\users\user\downloads\3102c741775bc8e6dec49cbb9e3d96df4aebbeec_0000056320"
C:\WINDOWS\system32\tasklist.exe tasklist /NH /FI "imagename eq Pcmflash.exe"
C:\WINDOWS\system32\find.exe find /i "Pcmflash.exe"
"C:\WINDOWS\system32\cmd" /c "\4949.tmp\494A.tmp\495B.bat c:\users\user\downloads\4a33e63b6ea9e9b981e7e220311157b776fea7dd_0000134656"
"C:\WINDOWS\system32\cmd" /c "\44B6.tmp\44B7.tmp\44B8.bat c:\users\user\downloads\3ce7c3041d81b8d3a69f32e4578f3d9e31c3c4c2_0000124928"
"C:\WINDOWS\system32\cmd" /c "\3DEF.tmp\3DF0.tmp\3DF1.bat c:\users\user\downloads\7de3ad5b027fc402f66dc9c2df18fa561d92e440_0000166912"
"C:\WINDOWS\system32\cmd" /c "\DE19.tmp\DE1A.tmp\DE1B.bat c:\users\user\downloads\60d177d3166eaf84be0e21799f78666e9c5a653c_0000124928"
"C:\WINDOWS\system32\cmd" /c "\7782.tmp\7792.tmp\7793.bat c:\users\user\downloads\9ce6248026c45a63eb57030e770e1ea5d3124aad_0000192512"
C:\WINDOWS\system32\taskkill.exe taskkill /im svchost.exe /f
"C:\WINDOWS\system32\cmd" /c "\16DA.tmp\16DB.tmp\16EB.bat c:\users\user\downloads\67ac61678a39a8c55f97347e47950ee3c7e88240_0000125440"
"C:\WINDOWS\system32\cmd" /c "\D247.tmp\D258.tmp\D259.bat c:\users\user\downloads\e07aad8b31132bc60b9203ca02ec66a2bb2f4ebb_0000124928"
"C:\WINDOWS\system32\cmd" /c "\19D3.tmp\19E3.tmp\19E4.bat c:\users\user\downloads\3e87e99f58d22ca9598ee42adcde03c61dea770e_0000200192"
C:\WINDOWS\system32\cacls.exe "C:\WINDOWS\system32\cacls.exe" "C:\WINDOWS\system32\config\system"
"C:\WINDOWS\system32\cmd" /c "\5744.tmp\5754.tmp\5755.bat c:\users\user\downloads\c83084ab0583706cdedbeebb1038e23139a4863e_0000420352"
C:\WINDOWS\system32\fsutil.exe fsutil dirty query C:
C:\WINDOWS\System32\Wbem\WMIC.exe wmic cpu get NumberOfCores /value
C:\WINDOWS\System32\Wbem\WMIC.exe wmic cpu get Name /value
C:\WINDOWS\System32\Wbem\WMIC.exe wmic computersystem get TotalPhysicalMemory /value
C:\WINDOWS\System32\Wbem\WMIC.exe wmic baseboard get manufacturer /value
C:\WINDOWS\System32\Wbem\WMIC.exe wmic baseboard get product /value
C:\WINDOWS\System32\Wbem\WMIC.exe wmic OS get Caption /value
C:\WINDOWS\System32\Wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey /value
C:\WINDOWS\System32\Wbem\WMIC.exe WMIC path Win32_VideoController get Name
C:\WINDOWS\system32\systeminfo.exe systeminfo
C:\WINDOWS\system32\findstr.exe findstr Physical
"C:\WINDOWS\system32\cmd" /c "\554E.tmp\554F.tmp\5550.bat c:\users\user\downloads\fbaa97af9a099060096964cbe3442f586c23b99b_0000124928"
"C:\WINDOWS\system32\cmd" /c "\6BF.tmp\6C0.tmp\6C1.bat c:\users\user\downloads\b0940de7906cfba46451fe26b3876b14a840a942_0000124928"
"C:\WINDOWS\system32\cmd" /c "\1053.tmp\1063.tmp\1064.bat c:\users\user\downloads\3d52f331733b08fe9df8f4baa2fb472dc1b6edf3_0000124928"
"C:\WINDOWS\system32\cmd" /c "\F7FA.tmp\F80B.tmp\F80C.bat c:\users\user\downloads\3618038f48cf6b58e84e410b2c67662f00c71b94_0000124928"
"C:\WINDOWS\system32\cmd" /c "\1A2E.tmp\1A2F.tmp\1A30.bat c:\users\user\downloads\46226928d9aa1cede2150a7fc9552c4bc0500b72_0000124928"
open powershell –NoProfile -ExecutionPolicy Bypass -File \2924.tmp\2925.tmp\2926.ps1
"C:\WINDOWS\system32\cmd" /c "\95AE.tmp\95BF.tmp\95C0.bat c:\users\user\downloads\d0e56bbe2685b97367da74174e9fcf2e7dc52019_0000131072"
C:\WINDOWS\system32\sc.exe sc delete "vmickvpexchange"
C:\WINDOWS\system32\sc.exe sc delete "vmicguestinterface"
C:\WINDOWS\system32\sc.exe sc delete "vmicshutdown"
C:\WINDOWS\system32\sc.exe sc delete "vmicheartbeat"
C:\WINDOWS\system32\sc.exe sc delete "vmicrdv"
C:\WINDOWS\system32\sc.exe sc delete "storflt"
C:\WINDOWS\system32\sc.exe sc delete "vmictimesync"
C:\WINDOWS\system32\sc.exe sc delete "vmicvss"
"\20DE.tmp\ATTAPPS.bat" "c:\users\user\downloads\c580c8abc543b00c13c60b281d70745592823983_0000156160"
C:\WINDOWS\system32\PING.EXE ping -n 4 8.8.8.8
C:\WINDOWS\system32\find.exe find /i "Resposta de"
"C:\WINDOWS\system32\cmd" /c "\4EFE.tmp\4EFF.tmp\4F00.bat c:\users\user\downloads\e4fff92b8d85d21ca37d174371af63fc8c1efd28_0000124928"
"C:\WINDOWS\system32\cmd" /c "\5864.tmp\5865.tmp\5866.bat c:\users\user\downloads\60538c664930bdfd48451fdac81cf2f3863da526_0000124928"
"C:\WINDOWS\system32\cmd" /c "\5799.tmp\579A.tmp\579B.bat c:\users\user\downloads\8422d5f27eb6bb840f12f14dcde6abd6023e50c2_0000124928"
"C:\WINDOWS\system32\cmd" /c "\3010.tmp\3011.tmp\3022.bat c:\users\user\downloads\4a894e2ff26e6743a46ff53acd37c4f3936fec49_0000124928"
"C:\WINDOWS\system32\cmd" /c "\48ED.tmp\48FE.tmp\48FF.bat c:\users\user\downloads\69ee6161d1c63e7cb71579e62700951ad4700072_0000202752"
C:\WINDOWS\system32\chcp.com chcp 65001
C:\WINDOWS\system32\timeout.exe timeout /t 2 /nobreak
"C:\WINDOWS\system32\cmd" /c "\B6E1.tmp\B6E2.tmp\B6E3.bat c:\users\user\downloads\289871f8b56bf515585affc9a283e7a8d5e342d1_0000395776"
C:\WINDOWS\system32\mshta.exe mshta vbscript:createobject("shell.application").shellexecute("""c:\users\user\downloads\289871f8b56bf515585affc9a283e7a8d5e342d1_0000395776""","::",,"runas",1)(window.close)
"powershell" –NoProfile -ExecutionPolicy Bypass -File \3F8A.tmp\3F8B.tmp\3F8C.ps1
"C:\WINDOWS\system32\cmd" /c "\1F13.tmp\1F14.tmp\1F15.bat c:\users\user\downloads\a8954440ddb5a1c8ec5dfa0e55e3be9b856689a0_0000122368"
C:\WINDOWS\system32\chcp.com chcp 65001
C:\WINDOWS\system32\reg.exe reg query "HKLM\Software\Clients\Media\qBittorrent.torrent"
C:\WINDOWS\system32\reg.exe reg add "HKLM\Software\Classes\.torrent" /ve /t REG_SZ /d "qBittorrent.torrent" /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\Software\Classes\qBittorrent.torrent" /ve /t REG_SZ /d "qBittorrent" /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\Software\Classes\qBittorrent.torrent\DefaultIcon" /ve /t REG_SZ /d "c:\Users\user\downloads\App\qBittorrent\QBicon.ico" /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\Software\Classes\qBittorrent.torrent\shell\open" /v "MultiSelectModel" /t REG_SZ /d "Player" /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\Software\Classes\qBittorrent.torrent\shell\open\command" /ve /t REG_SZ /d "\"c:\Users\user\downloads\qBittorrentPortable.exe\" \"%1\"" /f
C:\WINDOWS\system32\reg.exe reg add "HKLM\Software\Clients\Media\qBittorrent.torrent\Capabilities\FileAssociations" /v ".torrent" /t REG_SZ /d "qBittorrent.torrent" /f
open C:\WINDOWS\system32\cmd /c "\A62E.tmp\A62F.tmp\A63F.bat c:\users\user\downloads\2081dc1969dc4ba0518f4e810aa6c27f67a8c501_0000313344"
WriteConsole:
WriteConsole: c:\users\user\do
WriteConsole: RPCS3.exe
WriteConsole: "games\BLUS3040
WriteConsole: 'RPCS3.exe' is n
"C:\WINDOWS\system32\cmd" /c "\60D3.tmp\60E4.tmp\60E5.bat c:\users\user\downloads\4e1fa9be96e6ccee2ac7ab32682275972e932d15_0000124928"
"C:\WINDOWS\system32\cmd" /c "\2BE7.tmp\2BE8.tmp\2BE9.bat c:\users\user\downloads\ae48dbe95f226204cf7e73b416cf9e9578e26b4a_0002885632"
C:\WINDOWS\system32\findstr.exe findstr /C:"127.0.0.1 backup.lumion3d.net" "C:\WINDOWS\System32\drivers\etc\hosts"
c:\users\user\downloads\lumion_2024_4_2_download.exe Lumion_2024_4_2_download.exe -o
"C:\WINDOWS\system32\cmd" /c "\1559.tmp\155A.tmp\155B.bat c:\users\user\downloads\5d87ae8a2dba7184f9faae5b0cc8fc22e8273ea8_0000131584"
C:\WINDOWS\system32\reg.exe REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable
C:\WINDOWS\system32\find.exe find /i "ProxyEnable"
"C:\WINDOWS\system32\cmd" /c "\F17B.tmp\F17C.tmp\F17D.bat c:\users\user\downloads\e87934e3e66b65dad588cc80a895393a9bceab71_0000124928"
"C:\WINDOWS\system32\cmd" /c "\BBF2.tmp\BBF3.tmp\BBF4.bat c:\users\user\downloads\12c6361366a9bc9c96d2dac90c4ed970c5003761_0000230400"
"C:\WINDOWS\system32\cmd" /c "\A728.tmp\A738.tmp\A739.bat c:\users\user\downloads\8924940d92de0f33362d92bad6a90ab56b7270dc_0000124928"
"C:\WINDOWS\system32\cmd" /c "\2E06.tmp\2E17.tmp\2E18.bat c:\users\user\downloads\8d3230fc6f6e1182f6bfabeb14afe94952f9d087_0000124928"
"C:\WINDOWS\system32\cmd" /c "\CC7D.tmp\CC7E.tmp\CC7F.bat c:\users\user\downloads\fa1ac40ba69062af76b634bc761a7cd0dd25e35f_0000189440"
C:\WINDOWS\system32\attrib.exe attrib -R -S -H "c:\Users\user\downloads\steam_api64.dll"
"C:\WINDOWS\system32\cmd" /c "\A60E.tmp\A60F.tmp\A610.bat c:\users\user\downloads\beca274c0ea4965a4de9a3117e3724225fa8d6cb_0000124928"
"C:\WINDOWS\system32\cmd" /c "\793C.tmp\793D.tmp\793E.bat c:\users\user\downloads\343bf94d8981d1fac31c6e969a9cffd55489601a_0000124928"
"C:\WINDOWS\system32\cmd" /c "\46E8.tmp\46E9.tmp\46F9.bat c:\users\user\downloads\2e3c05edb1816e17479254ea2a0ebb490195f36e_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A207.tmp\A218.tmp\A219.bat c:\users\user\downloads\eb6ab94de94f6ff27cb511a457e03a4d0e1f277d_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A6AB.tmp\A6AC.tmp\A6AD.bat c:\users\user\downloads\3eb21cf3d45f126df1fd864909f65ad48e00766c_0000145408"
C:\WINDOWS\system32\bcdedit.exe bcdedit /timeout 0
"C:\WINDOWS\system32\cmd" /c "\A6BA.tmp\A6BB.tmp\A6CC.bat c:\users\user\downloads\08767b6e2beb85829ea5019e9175f9a76bdc1bca_0000428032"
C:\WINDOWS\system32\mode.com mode con cols=70 lines=15
open C:\WINDOWS\system32\cmd /c "\A718.tmp\2016.bat c:\users\user\downloads\4ba18a9c6315a9c5bfe91077fc4b21a864c2157c_0000093696"
WriteConsole: color
WriteConsole: 1F
WriteConsole: ================
WriteConsole: #Project: Activa
WriteConsole: #Supported produ
WriteConsole: - Microsoft Offi
WriteConsole: The system canno
WriteConsole: Activating your
C:\WINDOWS\system32\cscript.exe cscript //nologo ospp.vbs /unpkey:WFG99
"\B6B2.tmp\user.bat" "c:\users\user\downloads\3829d175cf0eb89144ada6e958a7be6c62237f23_0000092160"
C:\WINDOWS\system32\net.exe net use \\srvcarmoadv /user:usuario Novatiolegis
"C:\WINDOWS\system32\cmd" /c "\B72F.tmp\B730.tmp\B731.bat c:\users\user\downloads\b9e75ce15361eba036ee792dcf0dc01d19125d9a_0000124928"
"C:\WINDOWS\system32\cmd" /c "\A226.tmp\A227.tmp\A228.bat c:\users\user\downloads\ef4c8a5689d192c330906c02ae3f2fe79033bfe7_0000124928"
open C:\WINDOWS\system32\cmd /c "\5BE.tmp\5BF.tmp\5C0.bat c:\users\user\downloads\ed765735450d2b17a08e6dc971091cab48a158b1_0000425472"
WriteConsole: rpcs3.exe
WriteConsole: "dev_hdd0\game\
WriteConsole: 'rpcs3.exe' is n
"C:\Users\Ggwjgjpa\AppData\Local\Temp\is-QS0DG.tmp\464a6c8a1f67251fe958919a2e9a5cfd3c33ceff_0005735856.tmp" /SL5="$40354,5174899,323072,c:\users\user\downloads\464a6c8a1f67251fe958919a2e9a5cfd3c33ceff_0005735856"
open C:\WINDOWS\system32\cmd /c "\A6E9.tmp\A6EA.tmp\A6FB.bat c:\users\user\downloads\1bd5e22f23fae4ec0aa53d413048316374076f9e_0000325632"
"C:\WINDOWS\system32\cmd" /c "\A246.tmp\A256.tmp\A257.bat c:\users\user\downloads\ba09ff652749815b99accb951a262cf529f16b9a_0000124928"
"C:\WINDOWS\system32\cmd" /c "\1E6B.tmp\1E6C.tmp\1E7D.bat c:\users\user\downloads\69f27cc4a105c3e1f5a48a00089b7fd26212b186_0000127488"
C:\WINDOWS\system32\net.exe net session
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Start-Process 'c:\Users\user\downloads\69f27cc4a105c3e1f5a48a00089b7fd26212b186_0000127488' -Verb RunAs"
open \AF92.tmp\launcher.bat "c:\users\user\downloads\6007bcd32f98d54e911dbaf0276324fd119525a7_0000926208"
WriteConsole: "horizonchase2\b
WriteConsole: -auth_login=unu
WriteConsole: exit
"C:\WINDOWS\system32\cmd" /c "\A69F.tmp\A6A0.tmp\A6B1.bat c:\users\user\downloads\a944746f39122e701a87b0c8ec84895e31932487_0002183680"
"C:\WINDOWS\system32\cmd" /c "\A737.tmp\A748.tmp\A749.bat c:\users\user\downloads\4adf8c2a40aab5126a48abc265b9df0862bd4654_0000124928"
"C:\WINDOWS\system32\cmd" /c "\1D86.tmp\1D87.tmp\1D88.bat c:\users\user\downloads\0a34e8b4664360105b9665df7cd3a04459eba5fe_0000124928"
"\21AB.tmp\samkwang-guest.bat" "c:\users\user\downloads\eeaa78b007f61dce6778c77d9ff2f1332201d49f_0000075264"
C:\WINDOWS\explorer.exe explorer ftp://anonymous:qkdansror-!!@samkwang.nfile.net
"C:\WINDOWS\system32\cmd" /c "\F222.tmp\F223.tmp\F224.bat c:\users\user\downloads\8e5c8c3c57af2b39411e9f3a34d9590182493908_0000124928"

Related Posts

Trending

Most Viewed

Loading...