| Name | 38d181fa41f6cf0a_RemoveWindowsWebThreat.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemoveWindowsWebThreat.reg |
| Size | 963.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 6d2f7f8292d0709defc7dc41aca2e19c |
| SHA1 | 79775ac57e01a099bfd38c0734cb9145cfcc0399 |
| SHA256 | 38d181fa41f6cf0a8125620801d745db9f0d479e2ecc130cd136e9190b9de52d |
| CRC32 | B3B8389B |
| ssdeep | 24:jBJtRbOlWaRlWUUOlIVqOF2hIVqOFwIVqOFKMIVqOFG:9JEHBNIhEhIhCIhAMIho |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | eb28aadecbafc660_destroyDefender.exe |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\destroyDefender.exe |
| Size | 159.0KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 09528b8935960d74b0bc38e9170467b6 |
| SHA1 | 006fdd0c889145d75bf59e41afcdc099a4e625be |
| SHA256 | eb28aadecbafc6604e0d4fae9925c89ee607b8e42b37d476334d00c3f799d48d |
| CRC32 | 08DE9022 |
| ssdeep | 768:lYlcLOETB7JQspS5oSAyG9DB27dStPsQ+TxuKOgMBBQdzwYcEgu:2UxJQi0pFuZdQdMu |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | db98caad25f1e2d1_DisableMaintenanceTaskreportinginSecurityHealthUI.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableMaintenanceTaskreportinginSecurityHealthUI.reg |
| Size | 1.6KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 1c6b6863c4de362a306659601247ae86 |
| SHA1 | f1c1d7b95c2b82f0e176fbeb0be72b5a5492bde6 |
| SHA256 | db98caad25f1e2d1b486432e759ac4ca1222600688778c60d705ec37d122c7d7 |
| CRC32 | ACE243A4 |
| ssdeep | 48:9JNsMIbw5OI3ThIkBOIkMOIkhOIkxOIkjOIkOOIkAslOIkdOIk4C:P+jbwD3m0RoAw5KnqQ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 31ba179b08e80d07_RemoveServices.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemoveServices.reg |
| Size | 1.0KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 484e19aa06662da630a2fea2c34a9db6 |
| SHA1 | 09a7c6356df74fbf3e3754725b8e5f4009aabff0 |
| SHA256 | 31ba179b08e80d07e8bfad5c7eb4e1a68a7ccfe81735e4807257c847b5478d6d |
| CRC32 | BF13DB7C |
| ssdeep | 24:jBJt8H2+m2C52+2c2K2s2Zs2sq2sBu2k+VKLn2W2m:9JI01LdnxqsDqD8B+AjT7 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 315bb4e894fc1064_MitigationofFaultTorelantHeap.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\MitigationofFaultTorelantHeap.reg |
| Size | 106.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 675ffd8e08247637839586cfd806c803 |
| SHA1 | c8084f74710f550eb4894f521fdebed875ec157e |
| SHA256 | 315bb4e894fc10642514693e365e7a5f6df0e0c12b21c392aa983da5c8c49974 |
| CRC32 | E9E50170 |
| ssdeep | 3:jBJ0nMWXZ6RKZFNKugLxqrZfjsIa3BSKLV/X:jBJ0nMhRKLNK9LxiLs35LVv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f67a3d9c0c161cb2_DisableSpyNetTelemetry.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableSpyNetTelemetry.reg |
| Size | 440.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | ce9565b58cd6fde94f6399991839e669 |
| SHA1 | 3b9825dd8f8feb2f652af90e96361186a4e60d03 |
| SHA256 | f67a3d9c0c161cb273819ff6fe64f8aa45195590d8f46e7dd91433a461c4dba3 |
| CRC32 | DDB2849E |
| ssdeep | 12:jBJ0SK09Lh8zVkARAZgdxdzomHFLh8zLRvOdVmdv:jBJt9+VbmGD1J+LR2fm1 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 910c0a93a65b356c_DisableMicrosoftVulnerabileDriverBlocklist.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableMicrosoftVulnerabileDriverBlocklist.reg |
| Size | 151.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 6464757309ef963dcb503b19b8d9dfd6 |
| SHA1 | 68d81799c836fe825d0ac71487de517e7bf84ab9 |
| SHA256 | 910c0a93a65b356c7a9534332555c560285117859d771781f9aca7848a25f336 |
| CRC32 | D0E17245 |
| ssdeep | 3:jBJ0nMWXZ6RKZFNKugLCgT/KRx9sH87wLXpA6M5IBrl7V//:jBJ0nMhRKLNK9LC6/Knc0/G7V3 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ffe12c22c2fca022_RemoveSecurityandMaintenance.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\RemoveSecurityandMaintenance.reg |
| Size | 745.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 404d6ec6189f8dd2f45816d4e34b2501 |
| SHA1 | fd4e2998dee542f7826d3441006198652766b655 |
| SHA256 | ffe12c22c2fca0229ce7fd8e7a5953a3df57b32a1c152ad5a104aacbba874a00 |
| CRC32 | C1CD7CAE |
| ssdeep | 12:jBJ0SK0k1GFw82v1GFmLqWVk1GFmLqUU82v1GFmLMVjnQVI91GFmLeoVk1GFmLeK:jBJtk1Iwv1ImWak1ImWUUv1ImIV7AI9w |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a6fa768c4964c328_PowerRun.exe |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\PowerRun.exe |
| Size | 873.1KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | fc1fb033d57f72089fb4762245a8b18d |
| SHA1 | 7ec0f7ca5f0e0d20e5372bf69865d0a809e6cc8e |
| SHA256 | a6fa768c4964c328c748558627c20c2ba455e589a1b87cfa3911d197da1688d2 |
| CRC32 | 92D7BEFA |
| ssdeep | 24576:g2DW/xbWX2YIb3Qsu3/PNL3Q7HybtTpAA+c:g2EaXSQsW/PNjQLY9ARc |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 7b4abcd75af76bf6_RemovalofAnti-PhishingServices.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\RemovalofAnti-PhishingServices.reg |
| Size | 1.9KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | a5cbb7103c27b76a89f26c634112eaa1 |
| SHA1 | efeee8a765b4527bc0642b7bdc72a9ee128c138d |
| SHA256 | 7b4abcd75af76bf67bc0028fd42083c4dfb81f4b27ac3e7b54bacb16436165b4 |
| CRC32 | 175CC22F |
| ssdeep | 48:9JmIk0a0PIafIaPIDYID0nIDzIDI0+J+aJ+akID0nIDzIDI00a0PIafIaV:PNar37wIASo3GwIAtr6 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 671882e8377147b9_ExploitGuard_d.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\ExploitGuard_d.reg |
| Size | 997.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | bdc67b037015e5757e50349fdaaad2ce |
| SHA1 | a2e6a07b244bca46bb87d2793442a2967f176d6e |
| SHA256 | 671882e8377147b9778131d45f5008aaafe25b07c5e45eede4f84b46935e3973 |
| CRC32 | A9B3CF97 |
| ssdeep | 24:jBJt9+VZtWd+VfMO+VfU+Vg+VfMOIfWzxYSUIVt:9Jf+BC+BMO+m+y+BMOIfWySUID |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f89c94c0952008e3_DisableDevDriveProtection.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableDevDriveProtection.reg |
| Size | 155.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 6a49e74e740be0f0720994c0dd39debd |
| SHA1 | f39c579314ee0c23985d4b6126dfc5043ba5314b |
| SHA256 | f89c94c0952008e38b1da6f73fb2b2802421673db7e57354e6cd5755a47553a7 |
| CRC32 | 519072AD |
| ssdeep | 3:jBJ0nMWXZ6RKZFNKugLxqrZfyM1KJA77ZXinaMJ7V/W:jBJ0nMhRKLNK9LxiH18A77ZynaMJ7Vu |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a712ea7de1e93b1e_RemoveStartupEntries.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemoveStartupEntries.reg |
| Size | 421.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 46e1f130651252baa33fbd9584de7924 |
| SHA1 | 734cf2e4f573142dbb3f9714e1162a2309c3bb55 |
| SHA256 | a712ea7de1e93b1e8cf780d6e0d042fcf5e277171f6cccfa5d48e20a48a2ac16 |
| CRC32 | C72091DE |
| ssdeep | 12:jBJ0SK08i2wvVjrtPtLMVjnQ88tPtLMVjrhPV:jBJt8iVvV1PtIV7cPtIV5PV |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name |
e3b0c44298fc1c14___tmp_rar_sfx_access_check_18061265
Empty file or file not found
|
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_18061265 |
| Size | 0.0B |
| Type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| ssdeep | 3:: |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 932291462f74d0da_RemoveShellAssociation.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemoveShellAssociation.reg |
| Size | 1.4KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | d6df2c7f5b3faed2c5403b8ecd3e7157 |
| SHA1 | d220b9cd650aaa4d1137ea304cc28a66216c6163 |
| SHA256 | 932291462f74d0da711f6c9a9c148801b2cef52f941d8d8903c78f537dc2d49a |
| CRC32 | 2F4E3299 |
| ssdeep | 24:jBJtY2r8VOsWZWRbr+Svb882gWaX/Ym53Vt2C53VV:9JmZHm0b6ab88BvX/H5ltP5lV |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 529ba3d890cc8600_Remove and Disable Microsoft Pluton.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\Remove and Disable Microsoft Pluton.reg |
| Size | 233.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | a2bdc4b46c8714a317f157abc95673c8 |
| SHA1 | 133fac893ea7e44c1e90b6ad5b78d09c88d960ad |
| SHA256 | 529ba3d890cc8600221841ecc3fd4419c4e4c6cfcf655df163da2805a57db7a5 |
| CRC32 | 014953D2 |
| ssdeep | 6:jBJ0nMhRKLNKrMLC6/Kb4sMLC6/KbAkMLC6/KbWS:jBJ0SK0YLn/y4Ln/y8Ln/yL |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9648eaafbf79cc32_DestroyDefender.bat |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\DestroyDefender.bat |
| Size | 4.1KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text, with very long lines |
| MD5 | 995b173aaeaff46aa0b55747afd3e652 |
| SHA1 | 2f6dc73c5b08881738d01203428d7f50190d95cc |
| SHA256 | 9648eaafbf79cc32c3460aa5b5e48bad7a08a7a010cce5caffa0970580410fa0 |
| CRC32 | 517A0FAF |
| ssdeep | 96:SlINI7iyBw27z/2feD1+wkLNzRrLgRpIGAEsmJql5yYoZ:SlIyiYz/2fSKzRrU7HtZ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f3fa1708ff76cf83_WindowsSettingsPageVisibility.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\WindowsSettingsPageVisibility.reg |
| Size | 168.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 698a36e4289bc616ecddf11f3422cbf3 |
| SHA1 | b75a693422a1d1d25d890306f33c682080eca2de |
| SHA256 | f3fa1708ff76cf83f28c5967402f55c2e7b744275932f8e457ed4f53e213bd66 |
| CRC32 | 8400243B |
| ssdeep | 3:jBJ0nMWXZ6RKZFNKugLxqrZfyM1K7eB/k+UyWA8x17HMJQW31NP:jBJ0nMhRKLNK9LxiH1jhRUyWj17HIQ2 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ef71783c18624e5c_RemoveSignatureUpdates.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemoveSignatureUpdates.reg |
| Size | 565.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 676c0fece649e01cde33cec844092fe7 |
| SHA1 | 9c37fa5572637bca87a48e7561408ade7911bcd7 |
| SHA256 | ef71783c18624e5c80cae1b445b545eefa0338e7736b0c5e9272f6dad1cb7092 |
| CRC32 | 203C9DEC |
| ssdeep | 12:jBJ0SK087WSAdRMLh8zVcJesRHs9/Gkmj54zfhHGSPRop+HT9cOyRF/g:jBJt8iSAs+VCa46jlzhkRF4 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a5e835c60f19233f_RemovalofWindowsDefenderAntivirus.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemovalofWindowsDefenderAntivirus.reg |
| Size | 4.4KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | a9cd4115660909a5ff375f960193c315 |
| SHA1 | fc40c068e6da67113dc27d76df216ebcdd8b16c9 |
| SHA256 | a5e835c60f19233f4adf294821bbd82663e185ccd38444993e7be983235760af |
| CRC32 | 3BA4BFDA |
| ssdeep | 48:9Jmh5Khuh/emh8IhH/WmhUEhMhth5hoPfEhyeNhlz6h5SpPKkVemuI1/WmGESbPa:Pa//KCOGSf/W62KZL/RG4ldz/V2oZP |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 930af3fc9ed5e887_NomoreDelayandTimeouts.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\NomoreDelayandTimeouts.reg |
| Size | 1.3KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 4e7a3f9f0275fe7ca00e9632f196f13f |
| SHA1 | f1250f21ec07bd882f6ec8609c10d57938d571a1 |
| SHA256 | 930af3fc9ed5e887dd9e389698ae4cc813f94bf89d4ae59759d11cc3adf95045 |
| CRC32 | 6600B63A |
| ssdeep | 24:jBJt9IV1GIVKhZReV2qhZRIV2EgHBrab1HwzKTztDSTztDBY8V7PlDw:9JfISIUhZRe3hZRIcuHwzaztDiztDvRO |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 78dc269070acbaf7_DisableVBS.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableVBS.reg |
| Size | 2.0KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 4e8a9b71d2adbc532c9cb80cdba091d6 |
| SHA1 | 8fca69ace3cd23588459981ef6dfb61fcdb820d8 |
| SHA256 | 78dc269070acbaf7981717c584d983cba142abccb2c7efbd9158015147674e77 |
| CRC32 | 4E8FC899 |
| ssdeep | 48:9JR0IDt+ID+4JRrZbp1d331ueID+zmIDtMIDtGIDtKIDt83ID+d9354R:PRBlzZtcYNBjBtBpBN7 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9e373722530a78ab_DisableDefenderPolicies.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\DisableDefenderPolicies.reg |
| Size | 7.8KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 996a2082ef8682964fdfe432a397b6a4 |
| SHA1 | 22c3e28e0dd13a59190a60c030f0e5f144f81646 |
| SHA256 | 9e373722530a78ab12472a38e0b6834a31162c25eeac4f02ce9cdb755e1effb0 |
| CRC32 | 7DE03485 |
| ssdeep | 192:PQ5lzMFJWMJrtk3UkpOPeH+V77uSp2Tks8prWLVqFv+Nc:PQXMFJWMJrtk3UkpOPeH+V77uSp2Is8Z |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9c098d624b4fd2ce_RemoveWindowsDefenderFirewallRules.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\RemoveWindowsDefenderFirewallRules.reg |
| Size | 542.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 4fca1f4c96dd37618c176a6461e30a03 |
| SHA1 | 7257b1c45e276c4650e49811b0d2512ebdd967c7 |
| SHA256 | 9c098d624b4fd2ce42067a75d0d5f37e6d580e5430ee68dea36d4325e424f1b4 |
| CRC32 | E3CBE47F |
| ssdeep | 12:jBJ0SK09Ln/yc/53GK8XIdLWLkIfLn/yc/Ei8IEY9dgf:jBJt92C53nF2Bf2CEGEAm |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fcc2f442c6689677_DisableLSAProtection.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableLSAProtection.reg |
| Size | 500.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | a9f8c796b2074848731999f656c2ab9c |
| SHA1 | 5a522bf62fe3e2eb3f599bdd0fb77981071c5bc8 |
| SHA256 | fcc2f442c668967702805e375cc765247c4bf265a90c2289b37caeaa1537b6f7 |
| CRC32 | B31B62AC |
| ssdeep | 12:jBJ0SK09Lh8zV/gyqqULn/ZsFwM/cXQZ1UIPs/CLn84LmqmTGZelJV:jBJt9+V/5AxM/iCPsd4aHTrJV |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f606ecc982d3bcbf_DisableAntivirusProtection.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\DisableAntivirusProtection.reg |
| Size | 1.4KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 173359f06739be830c9d79ab767cbc43 |
| SHA1 | 68137b1e54cf2b06de87793530a379f8f0f46fd3 |
| SHA256 | f606ecc982d3bcbf1ec4651a183d542891fc325f9099ba0e802aa6926abef724 |
| CRC32 | 23A7801A |
| ssdeep | 24:jBJt88An+VnCa8ax+VD0mrWrNrV3RZXm8ZKxNDB+I1BUEUCBVnCI:9JNAn+BCox+ymqR1XmeKf9+IDtUSBCI |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0e8eff9d7c2a6d2c_DisableTamperProtection.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableTamperProtection.reg |
| Size | 319.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | b764c4455dad6bda01e10679e04de52b |
| SHA1 | bef8831d74b98e0fc4d10809d149a7bca7020215 |
| SHA256 | 0e8eff9d7c2a6d2cfa40a7530753cccffc959186c9e1a89eb623e2dd5bdcef6d |
| CRC32 | 5B7D1A92 |
| ssdeep | 6:jBJ0nMhRKLNK8dWDvlFQsAGvNLxiH18A73eX/+A45iqMg7VYFuoJH5iqm7V3:jBJ0SK08vuNLMV12/48GYjH8nR3 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cf9e538aaea08109_DisableSystemMitigations.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableSystemMitigations.reg |
| Size | 866.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | c7d9de0b032d8d54751713ed3d2954c5 |
| SHA1 | a3bc8c4aaad6b0771f780685854948b2d9cee35f |
| SHA256 | cf9e538aaea081090e945093f69919d1a76c34f0200ffb1a61684273bf43eba4 |
| CRC32 | E7ABA75D |
| ssdeep | 24:jBJt9IVNgRUXAC9N3b3RUfPQilkRUQoRo:9JfI06PN36Ailk6K |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d3fc31e347e01560_RemoverofDefenderContextMenu.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemoverofDefenderContextMenu.reg |
| Size | 590.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 5bd5f87272714328644ab48bb7c00f81 |
| SHA1 | 84dfccdbea857b8bf96c88cf11247eb5880cda40 |
| SHA256 | d3fc31e347e01560159e4a3955f4ceca4ee12b06a2f56c448ce5d10c9c8788cd |
| CRC32 | C1CD6167 |
| ssdeep | 12:jBJ0SK0YLetVjnQrWgmLMVjnQrWgsGiApLMVX0Fv:jBJtYCtV7kRmIV7kRspApIVXe |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e3c47e6fe49e0f39_RemoveSecHealthApp.ps1 |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\RemoveSecHealthApp.ps1 |
| Size | 1.7KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | efadf19c5a26d17b4da7eb7783ca6154 |
| SHA1 | d1187363963c61d24a106fdeefec44ab8312f0ed |
| SHA256 | e3c47e6fe49e0f3905ba47ee21daff40a53ac9c2d18eb452a27812ef054a4cdc |
| CRC32 | D3541612 |
| ssdeep | 48:N/8r1akzmZnWnZxT1eIcme9OkjmNyTWg47cYROkjmNyX:2R/mGxBeIcmEOk+ym7c2Ok+yX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9b379b8478d9ec72_DisableDefenderandSecurityCenterNotifications.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\DisableDefenderandSecurityCenterNotifications.reg |
| Size | 1.1KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 3ffd3ac807cc5ff5fbf6b6679df660fc |
| SHA1 | c5c6ceb92305e83b82baf8b9a9245f6a2c70629d |
| SHA256 | 9b379b8478d9ec722c72d0eff669e132dc52c44e8d27bea832b6fbe6d4f00f11 |
| CRC32 | FC546682 |
| ssdeep | 24:jBJt8sekI1BUGOVI1BUGeI1BUGdVNK79bIfFIfLZgpG+VKEZPYVtSxZ:9JFekIDx0IDxeIDxDNSbINIDyM+ATYZ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d7d86b7b1b8535a2_RemoveDefenderTasks.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_defender\RemoveDefenderTasks.reg |
| Size | 565.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | 24104d7ce85a742bd72c9063c7807583 |
| SHA1 | bcc91c5b20e2c34f5a507d913cfbf14d57626f88 |
| SHA256 | d7d86b7b1b8535a28ce0bd897ef6e6e5ebaf6e9c153bbb6052f45cea58836f76 |
| CRC32 | B6487FE0 |
| ssdeep | 12:jBJ0SK0YLMV2/+ClviV3fmLMV2/+ClvfSmS0LMV2/+ClvJ/y2LMV2/+ClvV+kXUq:jBJtYIV2FlvmOIV2Flvf/S0IV2FlvJrH |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2fef430e1b4c0fd6_DisableSmartScreen.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableSmartScreen.reg |
| Size | 1.6KB |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | e14885202245cab031174c1308ea1931 |
| SHA1 | 0b841a93e510faa9880d0df685a469e4e52efe3c |
| SHA256 | 2fef430e1b4c0fd66bcacefb5b90e7ea1b036dc377dbaa0d5543e429b71aea76 |
| CRC32 | 63D75615 |
| ssdeep | 48:9JNWmMnZC16Lk9SoBIss+BHwIDuIDdO7nID5IDPc7VW3RCXnnm+2EM:PEmMZm+kodsXBHPZRwIW7+8hghhM |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 225980b59c55db6a_DisableUAC.reg |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\RarSFX0\Remove_SecurityComp\DisableUAC.reg |
| Size | 829.0B |
| Processes | 2540 (%E4%B8%80%E9%94%AE%E5%85%B3%E9%97%ADWD.exe) |
| Type | ASCII text |
| MD5 | a180033fbcabea819f69385ee72b7e11 |
| SHA1 | 169272c0e0446065fb71d098c49c74fc422ff65f |
| SHA256 | 225980b59c55db6a3eaf7424451da1994c75874872744d304fe43206e2fb5ae7 |
| CRC32 | 41826302 |
| ssdeep | 24:jBJt8iIV1mALCBAentCjXA4bGRwtomEAhvrIcIV1n6h:9JnIhGdCjRbGko6pIT6h |
| Yara | None matched |
| VirusTotal | Search for analysis |