Trojan.MulDrop35.4166

Technical Information

To ensure autorun and distribution

Creates or modifies the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\update.exe

Malicious functions

Launches a large number of processes

Modifies file system

Creates the following files

%TEMP%\pkg-bzexyg\e54f3930ed2f0f54a318e25094ff51f7f8faaac345d1a813ee96f8d9f98b4021
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\package.json
%TEMP%\pkg-bzexyg\82567c55bb0ba88de564bbc66e7e4557b1747caff6bb950ce568c87f73050e8e
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\binding.gyp
%TEMP%\pkg-bzexyg\8d6b400ae7f69a80d0cdd37a968d7b9a913661fa53475e5b8de49dda21684973
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.js
%TEMP%\pkg-bzexyg\049b7b1b10417274be6c3e6a9518ac364729354435298d70abf834c35e8f3bf3
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3-binding.js
%TEMP%\pkg-bzexyg\d06caec6136120c6fb7ee3681b1ca949e8b634e747ea8d3080c90f35aeb7728f
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\trace.js
%TEMP%\pkg-bzexyg\a39db87a3a3aa954ac3f6553b9fbfc642eb22bef7586cc1f0559e676aa073fa8
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\sqlite3.d.ts
%TEMP%\pkg-bzexyg\3cb442a7039ddcad2aac3f8bd5bfd6a4f9ff253ce47c1616b3a4495f11a5d0b9
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node
%TEMP%\pkg-bzexyg\7b557c097c162c9ba04985ab822f92a176bf848c34ca38e54f061057ad0d8bd0
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\common-sqlite.gypi
%TEMP%\pkg-bzexyg\5be353d29c0fabea29cfd34448c196da9506009c0b20fde55e01d4191941dd74
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\extract.js
%TEMP%\pkg-bzexyg\6172ffa4ed88aaea47b8345c247b75baba4df6f25e070a6b9dcd12c3f37b3e34
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite-autoconf-3410100.tar.gz
%TEMP%\pkg-bzexyg\8793f62b1133892ba376d18a15f552ef12b1e016f7e5df32ffb7279b760c11bd
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\deps\sqlite3.gyp
%TEMP%\pkg-bzexyg\b6e86bf43d74c8ee2c2f57eb1947be6ce5d8c258c4866609571ed6c97b58b53c
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\async.h
%TEMP%\pkg-bzexyg\c011d2d4e3ac82c55a8f9a9af39d4adea144ab5f1d2dc259299fbf6107b8a6d0
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.cc
%TEMP%\pkg-bzexyg\d3956cdbb650e1ecff8c94fe4e8645f80e10088156d409703c19f186a9c41aa8
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\backup.h
%TEMP%\pkg-bzexyg\9b799ccdcf9649a9b79d78dcc2882f60e1a9bfbac98949ad18cef97cb433b22b
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.cc
%TEMP%\pkg-bzexyg\8c5bcd084dddab2f2994b6cddc9b69a8f78a1034588b765e7bd859f27868fe43
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\database.h
%TEMP%\pkg-bzexyg\9d4264bb1dcbef8d927bb3a1809a01b0b89d726c217cee99ea9ccfdc7d456b6f
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\gcc-preinclude.h
%TEMP%\pkg-bzexyg\8d1afb5d27eab8302de08aca87eb6edc1b99ae963a854d3bd652a4fc61cbe3c6
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\macros.h
%TEMP%\pkg-bzexyg\e80fae190ace1a5153a397ae9fe55d6d28651471fb7bebf9bbb5528095d70f44
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\node_sqlite3.cc
%TEMP%\pkg-bzexyg\f868e9b32074053bdb621d6d1ffc8d8dbe65d14f95b273d57d97b0479741731a
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\statement.cc
%TEMP%\pkg-bzexyg\2c99d9cef21876db64b610dd9baba8de1f7c94028d6d1c463eb3db213745b3bf
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\statement.h
%TEMP%\pkg-bzexyg\e0ab4f798bccb877548b0ab0f3d98c051b36cde240fdf424c70ace7daf0ffd36
%TEMP%\pkg\7fb52b781709b065c240b6b81394be6e72e53fe11d7c8e0f7b49dd417eb78a01\sqlite3\src\threading.h
%TEMP%\pkg-bzexyg\ccf44393a655268646df56d826085d733023ba3d4232d57b55b57df390d3914a
%TEMP%\pkg\9cb237d1ab4e0cc18e5666663d96f22f645903931f6d3eb5ef4e149508544705\win-dpapi\package.json
%TEMP%\pkg-bzexyg\006729b3f92963f13ecf83480eb36b8f61ed88e9dc3afcb4b18c7c11e7710d71
%TEMP%\pkg\9cb237d1ab4e0cc18e5666663d96f22f645903931f6d3eb5ef4e149508544705\win-dpapi\index.js
%TEMP%\pkg-bzexyg\f0d4b90be8fc48e3e2f9af864c53a2feb1645e81f08ea654487b5ce8b6f09972
%TEMP%\pkg\9cb237d1ab4e0cc18e5666663d96f22f645903931f6d3eb5ef4e149508544705\win-dpapi\build\release\node-dpapi.node
%LOCALAPPDATA%\microsoft\edge\user data\default\login data_tmp
%LOCALAPPDATA%\microsoft\edge\user data\default\web data_tmp
%LOCALAPPDATA%\microsoft\edge\user data\default\history_tmp
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cookies.sqlite_tmp
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cookies.sqlite_tmp-shm
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite_tmp
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite_tmp-shm
%TEMP%\save-50it9cgisl\browsers\bookmarks.txt
%TEMP%\save-fbx9jk4xru.zip

Deletes following files that it created itself

%LOCALAPPDATA%\microsoft\edge\user data\default\login data_tmp
%LOCALAPPDATA%\microsoft\edge\user data\default\web data_tmp
%LOCALAPPDATA%\microsoft\edge\user data\default\history_tmp
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\cookies.sqlite_tmp-shm
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite_tmp-shm
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite_tmp

Substitutes the following files

%LOCALAPPDATA%\microsoft\edge\user data\default\web data_tmp
%LOCALAPPDATA%\microsoft\edge\user data\default\history_tmp
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite_tmp-shm
%APPDATA%\mozilla\firefox\profiles\dnyauhh1.default-release\places.sqlite_tmp

Network activity

Connects to

'ap#.#pify.org':443
'di##ord.com':443

TCP

Other

'ap#.#pify.org':443
'di##ord.com':443

UDP

DNS ASK ap#.#pify.org
DNS ASK di##ord.com

Miscellaneous

Executes the following

'<SYSTEM32>\cmd.exe' /d /s /c "hostname"
'<SYSTEM32>\hostname.exe'
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
'<SYSTEM32>\cmd.exe' /d /s /c "wmic csproduct get uuid | more +1"
'<SYSTEM32>\wbem\wmic.exe' csproduct get uuid
'<SYSTEM32>\more.com' +1
'<SYSTEM32>\reg.exe' QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
'<SYSTEM32>\cmd.exe' /d /s /c "wmic OS get caption, osarchitecture | more +1"
'<SYSTEM32>\wbem\wmic.exe' OS get caption, osarchitecture
'<SYSTEM32>\cmd.exe' /d /s /c "wmic cpu get name | more +1"
'<SYSTEM32>\wbem\wmic.exe' cpu get name
'<SYSTEM32>\cmd.exe' /d /s /c "wmic PATH Win32_VideoController get name | more +1"
'<SYSTEM32>\wbem\wmic.exe' PATH Win32_VideoController get name
'<SYSTEM32>\cmd.exe' /d /s /c "wmic computersystem get totalphysicalmemory | more +1"
'<SYSTEM32>\wbem\wmic.exe' computersystem get totalphysicalmemory
'<SYSTEM32>\cmd.exe' /d /s /c "wmic logicaldisk get size | more +1"
'<SYSTEM32>\wbem\wmic.exe' logicaldisk get size
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 91.0.2 (x64 en-US)""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 91.0.2 (x64 en-US)"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.9.1 (x64 en-US)""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.9.1 (x64 en-US)"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418077F0}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418077F0}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0000-1000-0000000FF1CE}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0000-1000-0000000FF1CE}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0409-1000-0000000FF1CE}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0409-1000-0000000FF1CE}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-0116-0409-1000-0000000FF1CE}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-0116-0409-1000-0000000FF1CE}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}""
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}"
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""
'<SYSTEM32>\cmd.exe' /d /s /c "powershell Get-Clipboard"
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-Clipboard
'<SYSTEM32>\reg.exe' QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}"
'<SYSTEM32>\cmd.exe' /d /s /c "hostname"' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "wmic csproduct get uuid | more +1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "wmic OS get caption, osarchitecture | more +1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "wmic cpu get name | more +1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "wmic PATH Win32_VideoController get name | more +1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "wmic computersystem get totalphysicalmemory | more +1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "wmic logicaldisk get size | more +1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 91.0.2 (x64 en-US)""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.9.1 (x64 en-US)""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418077F0}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0000-1000-0000000FF1CE}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-002A-0409-1000-0000000FF1CE}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-0116-0409-1000-0000000FF1CE}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "<SYSTEM32>\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}""' (with hidden window)
'<SYSTEM32>\cmd.exe' /d /s /c "powershell Get-Clipboard"' (with hidden window)

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial