Trojan.Siggen32.27462

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'PrankVirus' = '<Full path to file>'
[HKCU\Environment] 'UserInitMprLogonScript' = '<Full path to file>'
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,<Full path to file>,%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\8ebs354e.exe,%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\8y7n3bs...
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe] 'Debugger' = '<Full path to file>'
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe] 'Debugger' = '<Full path to file>'

Malicious functions

To complicate detection of its presence in the operating system,

forces the system hide from view:

hidden files

blocks execution of the following system utilities:

Windows Task Manager (Taskmgr)

blocks the following features:

User Account Control (UAC)
Windows Recovery Environment (WinRE)

modifies the following system settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoViewOnDrive' = '03FFFFFF'
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = '03FFFFFF'
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogoff' = '00000001'
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001'

Executes the following

'<SYSTEM32>\net.exe' user fsociety_0 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_1 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_2 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_3 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_4 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_5 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_6 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_7 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_8 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_9 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_10 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_11 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_12 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_13 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_14 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_15 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_16 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_17 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_18 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_19 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_20 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_21 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_22 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_23 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_24 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_25 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_26 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_27 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_28 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_29 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_30 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_31 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_32 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_33 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_34 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_35 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_36 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_37 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_38 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_39 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_40 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_41 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_42 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_43 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_44 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_45 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_46 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_47 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_48 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_49 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_50 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_51 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_52 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_53 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_54 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_55 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_56 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_57 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_58 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_59 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_60 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_61 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_62 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_63 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_64 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_65 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_66 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_67 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_68 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_69 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_70 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_71 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_72 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_73 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_74 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_75 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_76 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_77 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_78 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_79 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_80 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_81 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_82 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_83 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_84 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_85 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_86 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_87 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_88 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_89 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_90 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_91 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_92 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_93 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_94 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_95 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_96 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_97 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_98 fsociety123 /add
'<SYSTEM32>\net.exe' user fsociety_99 fsociety123 /add

Launches a large number of processes

Modifies file system

Creates the following files

%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\bsod1.gif
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\zloi_smeh.mp3
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\music.mp3
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\pizda_gromko.mp3
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\img.jpg
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\scream.mp4
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\bsod.hta
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\h6biblg5.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\jg8432t7.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\zyk39gpq.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\8ebs354e.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\8y7n3bsx.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\1q7ygg9f.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\pqo0ncm9.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\uif3kjaq.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\j3gvbcz9.exe
%LOCALAPPDATA%\microsoft\windows\actioncentercache\windows-systemtoast-securityandmaintenance_10_0.png
%ALLUSERSPROFILE%\microsoft\windows\wer\wlzszrqp.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\2f1cu4dj.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\tt7ynyg8.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\c7s1r498.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\9ry7h4gc.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\27dbprj9.exe
C:\users\public\libraries\55vblijv.exe
C:\users\public\libraries\lxdyzspb.exe
C:\users\public\libraries\3ytj4li5.exe
C:\users\public\libraries\ip2o1x03.exe
C:\users\public\libraries\nkzolybo.exe
nul

Sets the 'hidden' attribute to the following files

<Full path to file>
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\h6biblg5.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\jg8432t7.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\zyk39gpq.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\8ebs354e.exe
%ALLUSERSPROFILE%\1fvh3bn1jjfdi12\8y7n3bsx.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\1q7ygg9f.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\pqo0ncm9.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\uif3kjaq.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\j3gvbcz9.exe
%ALLUSERSPROFILE%\microsoft\windows\wer\wlzszrqp.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\2f1cu4dj.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\tt7ynyg8.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\c7s1r498.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\9ry7h4gc.exe
%ALLUSERSPROFILE%\microsoft\diagnosis\27dbprj9.exe
C:\users\public\libraries\55vblijv.exe
C:\users\public\libraries\lxdyzspb.exe
C:\users\public\libraries\3ytj4li5.exe
C:\users\public\libraries\ip2o1x03.exe
C:\users\public\libraries\nkzolybo.exe

Miscellaneous

Executes the following

'<SYSTEM32>\cmd.exe' /c net user fsociety_0 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_0 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_1 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_1 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_2 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_2 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_3 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_3 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_4 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_4 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_5 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_5 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_6 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_6 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_7 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_7 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_8 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_8 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_9 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_9 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_10 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_10 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_11 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_11 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_12 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_12 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_13 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_13 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_14 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_14 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_15 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_15 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_16 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_16 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_17 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_17 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_18 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_18 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_19 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_19 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_20 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_20 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_21 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_21 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_22 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_22 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_23 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_23 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_24 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_24 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_25 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_25 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_26 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_26 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_27 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_27 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_28 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_28 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_29 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_29 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_30 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_30 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_31 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_31 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_32 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_32 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_33 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_33 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_34 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_34 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_35 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_35 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_36 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_36 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_37 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_37 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_38 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_38 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_39 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_39 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_40 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_40 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_41 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_41 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_42 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_42 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_43 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_43 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_44 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_44 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_45 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_45 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_46 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_46 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_47 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_47 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_48 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_48 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_49 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_49 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_50 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_50 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_51 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_51 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_52 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_52 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_53 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_53 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_54 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_54 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_55 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_55 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_56 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_56 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_57 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_57 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_58 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_58 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_59 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_59 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_60 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_60 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_61 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_61 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_62 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_62 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_63 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_63 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_64 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_64 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_65 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_65 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_66 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_66 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_67 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_67 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_68 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_68 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_69 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_69 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_70 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_70 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_71 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_71 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_72 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_72 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_73 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_73 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_74 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_74 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_75 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_75 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_76 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_76 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_77 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_77 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_78 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_78 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_79 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_79 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_80 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_80 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_81 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_81 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_82 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_82 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_83 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_83 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_84 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_84 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_85 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_85 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_86 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_86 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_87 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_87 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_88 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_88 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_89 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_89 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_90 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_90 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_91 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_91 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_92 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_92 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_93 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_93 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_94 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_94 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_95 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_95 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_96 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_96 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_97 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_97 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_98 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_98 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user fsociety_99 fsociety123 /add >nul 2>&1
'<SYSTEM32>\net1.exe' user fsociety_99 fsociety123 /add
'<SYSTEM32>\cmd.exe' /c net user "user" "" >nul 2>&1
'<SYSTEM32>\net.exe' user "user" ""
'<SYSTEM32>\net1.exe' user "user" ""
'<SYSTEM32>\cmd.exe' /c sc stop WSearch >nul 2>&1
'<SYSTEM32>\sc.exe' stop WSearch
'<SYSTEM32>\cmd.exe' /c sc config WSearch start= disabled >nul 2>&1
'<SYSTEM32>\sc.exe' config WSearch start= disabled
'<SYSTEM32>\cmd.exe' /c powershell -Command "$list = Get-WinUserLanguageList; $list = $list | Where-Object {$_.LanguageTag -ne 'en-US'}; Set-WinUserLanguageList $list -Force" >nul 2>&1
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "$list = Get-WinUserLanguageList; $list = $list | Where-Object {$_.LanguageTag -ne 'en-US'}; Set-WinUserLanguageList $list -Force"
'<SYSTEM32>\cmd.exe' /c reagentc /disable >nul 2>&1
'<SYSTEM32>\reagentc.exe' /disable
'<SYSTEM32>\cmd.exe' /c bcdedit /deletevalue {default} safeboot >nul 2>&1
'<SYSTEM32>\bcdedit.exe' /deletevalue {default} safeboot
'<SYSTEM32>\cmd.exe' /c bcdedit /set {default} bootmenupolicy Standard >nul 2>&1
'<SYSTEM32>\bcdedit.exe' /set {default} bootmenupolicy Standard
'<SYSTEM32>\cmd.exe' /c bcdedit /set {bootmgr} displaybootmenu no >nul 2>&1
'<SYSTEM32>\bcdedit.exe' /set {bootmgr} displaybootmenu no
'<SYSTEM32>\mshta.exe' %ALLUSERSPROFILE%\1fvh3bn1jjfdi12\bsod.hta

Attempts to shut down the Windows operating system.

技术

术语

教育培训

误区

Technical Information

Curing recommendations

Free trial