Trojan.MulDrop20.21081

Technical Information

Modifies file system

Creates the following files

%TEMP%\reg6d43.tmp
<SYSTEM32>\config\winsockcatalog.txt
<SYSTEM32>\config\envinfo.txt
<SYSTEM32>\config\localemetadata\wlanautoconfiglog_1033.mta
%WINDIR%\ServiceProfiles\LocalService\appdata\local\temp\msgf97b.tmp
%WINDIR%\ServiceProfiles\LocalService\appdata\local\temp\pubf97c.tmp
%WINDIR%\ServiceProfiles\LocalService\appdata\local\temp\evtf97d.tmp
<SYSTEM32>\config\wlanautoconfiglog.evtx
<SYSTEM32>\config\adapterinfo.txt
<SYSTEM32>\processes.txt
<SYSTEM32>\config\osinfo.txt
<SYSTEM32>\reg\networkprofiles.reg.txt
%TEMP%\rega5ff.tmp
<SYSTEM32>\reg\allcredfilter.reg.txt
%TEMP%\reg76e4.tmp
<SYSTEM32>\reg\allcred.reg.txt
%TEMP%\reg7280.tmp
<SYSTEM32>\reg\notif.reg.txt
<SYSTEM32>\config\windowsfirewallconfig.txt
<SYSTEM32>\config\windowsfirewalleffectiverules.txt

Deletes the following files

%TEMP%\reg6d43.tmp
%TEMP%\reg7280.tmp
%TEMP%\reg76e4.tmp
%TEMP%\rega5ff.tmp

Miscellaneous

Creates and executes the following

'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications" Reg\Notif.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo Connection Security Rules currently enforced : >> config\WindowsFirewallEffectiveRules.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show firewall rule name=all >> config\WindowsFirewallEffectiveRules.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo ------------------------------------------------------------------------ >> config\WindowsFirewallEffectiveRules.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo Firewall Rules currently enforced : > config\WindowsFirewallEffectiveRules.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh advfirewall consec show rule name=all verbose >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo Connection Security Rules : >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh advfirewall firewall show rule name=all verbose >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c certutil -v -enterprise -store -silent NTAuth >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo Firewall Rules : >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo Connection Security Configuration: >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show firewall >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo Firewall Configuration: >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show currentprofile >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo ------------------------------------------------------------------------ >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo Current Profiles: > config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh winsock show catalog > config\WinsockCatalog.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show consec >> config\WindowsFirewallConfig.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c certutil -v -user -store -silent root >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show consec rule name=all >> config\WindowsFirewallEffectiveRules.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c dispdiag -out dispdiag_stop.dat' (with hidden window)
'<SYSTEM32>\cmd.exe' /c sc query eaphost >> config\WcnInfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c sc query wlansvc >> config\WcnInfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c sc query wcncsvc >> config\WcnInfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh wlan sho net m=b >> config\wlaninfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh wlan show interfaces >> config\wlaninfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh wl show d >> config\wlaninfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh wl show i >> config\wlaninfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" config\WindowsFirewallLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c dxdiag /t dxdiag.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallConsecLogVerbose.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose" config\WindowsFirewallConsecLogVerbose.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallLogVerbose.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose" config\WindowsFirewallLogVerbose.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallConsecLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity" config\WindowsFirewallConsecLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c time /t >> config\wlaninfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c certutil -v -store -silent root >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c certutil -v -store -silent -user My >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c certutil -v -store -silent My >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c set processor >> config\osinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Policies\Microsoft\WcmSvc" Reg\WCMPolicy.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\NetworkList" Reg\NetworkProfiles.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy" Reg\L2GP.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKCU\SOFTWARE\Microsoft\dot3svc" Reg\HKCUDot3Svc.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\dot3svc" Reg\HKLMDot3Svc.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c set u >> config\osinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Wlansvc" Reg\HKLMWlanSvc.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\Wireless\GPTWirelessPolicy" Reg\GPT.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters\WlanAPIPermissions" Reg\APIPerm.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{edd749de-2ef1-4a80-98d1-81f20e6df58e}" Reg\{edd749de-2ef1-4a80-98d1-81f20e6df58e}.reg....' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{33c86cd6-705f-4ba1-9adb-67070b837775}" Reg\{33c86cd6-705f-4ba1-9adb-67070b837775}.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{07AA0886-CC8D-4e19-A410-1C75AF686E62}" Reg\{07AA0886-CC8D-4e19-A410-1C75AF686E62}.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" Reg\AllCredFilter.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" Reg\AllCred.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c reg export "HKCU\SOFTWARE\Microsoft\Wlansvc" Reg\HKCUWlanSvc.reg.txt /y' (with hidden window)
'<SYSTEM32>\cmd.exe' /c powercfg.exe /batteryreport /output config\battery-report.html' (with hidden window)
'<SYSTEM32>\cmd.exe' /c systeminfo >> config\osinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c tasklist /svc > processes.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c route print >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh lan show profiles >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo ROUTE PRINT: >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c echo. >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c ipconfig /all >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh mbn show capability interface=* >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh mbn show readyinfo interface=* >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh mbn show profile name=* interface=* >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh mbn show interfaces >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh lan show settings >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" config\WLANAutoConfigLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh lan show interfaces >> config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c netsh wlan show all > config\envinfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WWANLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-WWAN-SVC-EVENTS/Operational" config\WWANLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WCMLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Wcmsvc/Operational" config\WCMLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WLANAutoConfigLog.evtx' (with hidden window)
'<SYSTEM32>\cmd.exe' /c sc query fdrespub >> config\WcnInfo.txt' (with hidden window)
'<SYSTEM32>\cmd.exe' /c sc query upnphost >> config\WcnInfo.txt' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications" Reg\Notif.reg.txt /y
'<SYSTEM32>\cmd.exe' /c netsh advfirewall firewall show rule name=all verbose >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\netsh.exe' advfirewall firewall show rule name=all verbose
'<SYSTEM32>\cmd.exe' /c echo Connection Security Rules : >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\cmd.exe' /c netsh advfirewall consec show rule name=all verbose >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\netsh.exe' advfirewall consec show rule name=all verbose
'<SYSTEM32>\netsh.exe' advfirewall monitor show consec
'<SYSTEM32>\cmd.exe' /c echo Firewall Rules : >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\cmd.exe' /c echo Firewall Rules currently enforced : > config\WindowsFirewallEffectiveRules.txt
'<SYSTEM32>\netsh.exe' advfirewall monitor show firewall rule name=all
'<SYSTEM32>\cmd.exe' /c echo Connection Security Rules currently enforced : >> config\WindowsFirewallEffectiveRules.txt
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show consec rule name=all >> config\WindowsFirewallEffectiveRules.txt
'<SYSTEM32>\netsh.exe' advfirewall monitor show consec rule name=all
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" config\WindowsFirewallLog.evtx
'<SYSTEM32>\cmd.exe' /c echo ------------------------------------------------------------------------ >> config\WindowsFirewallEffectiveRules.txt
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show firewall rule name=all >> config\WindowsFirewallEffectiveRules.txt
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show consec >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\cmd.exe' /c echo Connection Security Configuration: >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\netsh.exe' advfirewall monitor show firewall
'<SYSTEM32>\cmd.exe' /c certutil -v -store -silent root >> config\envinfo.txt
'<SYSTEM32>\certutil.exe' -v -store -silent root
'<SYSTEM32>\cmd.exe' /c certutil -v -enterprise -store -silent NTAuth >> config\envinfo.txt
'<SYSTEM32>\certutil.exe' -v -enterprise -store -silent NTAuth
'<SYSTEM32>\cmd.exe' /c certutil -v -user -store -silent root >> config\envinfo.txt
'<SYSTEM32>\certutil.exe' -v -user -store -silent root
'<SYSTEM32>\certutil.exe' -v -store -silent -user My
'<SYSTEM32>\cmd.exe' /c netsh winsock show catalog > config\WinsockCatalog.txt
'<SYSTEM32>\cmd.exe' /c echo Current Profiles: > config\WindowsFirewallConfig.txt
'<SYSTEM32>\cmd.exe' /c echo ------------------------------------------------------------------------ >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show currentprofile >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\netsh.exe' advfirewall monitor show currentprofile
'<SYSTEM32>\cmd.exe' /c echo Firewall Configuration: >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\cmd.exe' /c netsh advfirewall monitor show firewall >> config\WindowsFirewallConfig.txt
'<SYSTEM32>\netsh.exe' winsock show catalog
'<SYSTEM32>\wevtutil.exe' epl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" config\WindowsFirewallLog.evtx
'<SYSTEM32>\wevtutil.exe' al config\WindowsFirewallLog.evtx
'<SYSTEM32>\cmd.exe' /c sc query upnphost >> config\WcnInfo.txt
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity" config\WindowsFirewallConsecLog.evtx
'<SYSTEM32>\netsh.exe' wl show d
'<SYSTEM32>\cmd.exe' /c netsh wlan show interfaces >> config\wlaninfo.txt
'<SYSTEM32>\netsh.exe' wlan show interfaces
'<SYSTEM32>\cmd.exe' /c netsh wlan sho net m=b >> config\wlaninfo.txt
'<SYSTEM32>\netsh.exe' wlan sho net m=b
'<SYSTEM32>\netsh.exe' wl show i
'<SYSTEM32>\cmd.exe' /c netsh wl show d >> config\wlaninfo.txt
'<SYSTEM32>\cmd.exe' /c sc query wcncsvc >> config\WcnInfo.txt
'<SYSTEM32>\sc.exe' query wlansvc
'<SYSTEM32>\cmd.exe' /c sc query eaphost >> config\WcnInfo.txt
'<SYSTEM32>\sc.exe' query eaphost
'<SYSTEM32>\cmd.exe' /c sc query fdrespub >> config\WcnInfo.txt
'<SYSTEM32>\sc.exe' query fdrespub
'<SYSTEM32>\sc.exe' query wcncsvc
'<SYSTEM32>\cmd.exe' /c sc query wlansvc >> config\WcnInfo.txt
'<SYSTEM32>\cmd.exe' /c netsh wl show i >> config\wlaninfo.txt
'<SYSTEM32>\cmd.exe' /c time /t >> config\wlaninfo.txt
'<SYSTEM32>\dispdiag.exe' -out dispdiag_stop.dat
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallConsecLog.evtx
'<SYSTEM32>\wevtutil.exe' al config\WindowsFirewallConsecLog.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose" config\WindowsFirewallLogVerbose.evtx
'<SYSTEM32>\wevtutil.exe' epl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose" config\WindowsFirewallLogVerbose.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallLogVerbose.evtx
'<SYSTEM32>\wevtutil.exe' al config\WindowsFirewallLogVerbose.evtx
'<SYSTEM32>\wevtutil.exe' epl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity" config\WindowsFirewallConsecLog.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose" config\WindowsFirewallConsecLogVerbose.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallConsecLogVerbose.evtx
'<SYSTEM32>\wevtutil.exe' al config\WindowsFirewallConsecLogVerbose.evtx
'<SYSTEM32>\cmd.exe' /c dxdiag /t dxdiag.txt
'<SYSTEM32>\dxdiag.exe' /t dxdiag.txt
'%WINDIR%\syswow64\dxdiag.exe' /t dxdiag.txt
'<SYSTEM32>\cmd.exe' /c dispdiag -out dispdiag_stop.dat
'<SYSTEM32>\wevtutil.exe' epl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose" config\WindowsFirewallConsecLogVerbose.evtx
'<SYSTEM32>\cmd.exe' /c certutil -v -store -silent -user My >> config\envinfo.txt
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WindowsFirewallLog.evtx
'<SYSTEM32>\certutil.exe' -v -store -silent My
'<SYSTEM32>\powercfg.exe' /batteryreport /output config\battery-report.html
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Microsoft\dot3svc" Reg\HKLMDot3Svc.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKCU\SOFTWARE\Microsoft\dot3svc" Reg\HKCUDot3Svc.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKCU\SOFTWARE\Microsoft\dot3svc" Reg\HKCUDot3Svc.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy" Reg\L2GP.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy" Reg\L2GP.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Microsoft\Wlansvc" Reg\HKLMWlanSvc.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\dot3svc" Reg\HKLMDot3Svc.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\NetworkList" Reg\NetworkProfiles.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Policies\Microsoft\WcmSvc" Reg\WCMPolicy.reg.txt /y
'<SYSTEM32>\cmd.exe' /c set processor >> config\osinfo.txt
'<SYSTEM32>\cmd.exe' /c systeminfo >> config\osinfo.txt
'<SYSTEM32>\systeminfo.exe'
'<SYSTEM32>\cmd.exe' /c set u >> config\osinfo.txt
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\NetworkList" Reg\NetworkProfiles.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Policies\Microsoft\WcmSvc" Reg\WCMPolicy.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Wlansvc" Reg\HKLMWlanSvc.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKCU\SOFTWARE\Microsoft\Wlansvc" Reg\HKCUWlanSvc.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKCU\SOFTWARE\Microsoft\Wlansvc" Reg\HKCUWlanSvc.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" Reg\AllCred.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" Reg\AllCred.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" Reg\AllCredFilter.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" Reg\AllCredFilter.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{07AA0886-CC8D-4e19-A410-1C75AF686E62}" Reg\{07AA0886-CC8D-4e19-A410-1C75AF686E62}.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{07AA0886-CC8D-4e19-A410-1C75AF686E62}" Reg\{07AA0886-CC8D-4e19-A410-1C75AF686E62}.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications" Reg\Notif.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{33c86cd6-705f-4ba1-9adb-67070b837775}" Reg\{33c86cd6-705f-4ba1-9adb-67070b837775}.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{edd749de-2ef1-4a80-98d1-81f20e6df58e}" Reg\{edd749de-2ef1-4a80-98d1-81f20e6df58e}.reg....
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{edd749de-2ef1-4a80-98d1-81f20e6df58e}" Reg\{edd749de-2ef1-4a80-98d1-81f20e6df58e}.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters\WlanAPIPermissions" Reg\APIPerm.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters\WlanAPIPermissions" Reg\APIPerm.reg.txt /y
'<SYSTEM32>\cmd.exe' /c reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\Wireless\GPTWirelessPolicy" Reg\GPT.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Policies\Microsoft\Windows\Wireless\GPTWirelessPolicy" Reg\GPT.reg.txt /y
'<SYSTEM32>\reg.exe' export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{33c86cd6-705f-4ba1-9adb-67070b837775}" Reg\{33c86cd6-705f-4ba1-9adb-67070b837775}.reg.txt /y
'<SYSTEM32>\cmd.exe' /c powercfg.exe /batteryreport /output config\battery-report.html
'<SYSTEM32>\cmd.exe' /c tasklist /svc > processes.txt
'<SYSTEM32>\route.exe' print
'<SYSTEM32>\tasklist.exe' /svc
'<SYSTEM32>\cmd.exe' /c netsh mbn show interfaces >> config\envinfo.txt
'<SYSTEM32>\netsh.exe' mbn show interfaces
'<SYSTEM32>\cmd.exe' /c netsh mbn show profile name=* interface=* >> config\envinfo.txt
'<SYSTEM32>\netsh.exe' mbn show profile name=* interface=*
'<SYSTEM32>\cmd.exe' /c netsh mbn show readyinfo interface=* >> config\envinfo.txt
'<SYSTEM32>\cmd.exe' /c netsh lan show profiles >> config\envinfo.txt
'<SYSTEM32>\netsh.exe' lan show profiles
'<SYSTEM32>\netsh.exe' mbn show readyinfo interface=*
'<SYSTEM32>\cmd.exe' /c ipconfig /all >> config\envinfo.txt
'<SYSTEM32>\ipconfig.exe' /all
'<SYSTEM32>\cmd.exe' /c echo. >> config\envinfo.txt
'<SYSTEM32>\cmd.exe' /c echo ROUTE PRINT: >> config\envinfo.txt
'<SYSTEM32>\cmd.exe' /c route print >> config\envinfo.txt
'<SYSTEM32>\cmd.exe' /c netsh mbn show capability interface=* >> config\envinfo.txt
'<SYSTEM32>\netsh.exe' mbn show capability interface=*
'<SYSTEM32>\netsh.exe' lan show settings
'<SYSTEM32>\cmd.exe' /c netsh lan show settings >> config\envinfo.txt
'<SYSTEM32>\netsh.exe' lan show interfaces
'<SYSTEM32>\wevtutil.exe' epl "Microsoft-Windows-WLAN-AutoConfig/Operational" config\WLANAutoConfigLog.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WLANAutoConfigLog.evtx
'<SYSTEM32>\wevtutil.exe' al config\WLANAutoConfigLog.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-Wcmsvc/Operational" config\WCMLog.evtx
'<SYSTEM32>\wevtutil.exe' epl "Microsoft-Windows-Wcmsvc/Operational" config\WCMLog.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WCMLog.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" config\WLANAutoConfigLog.evtx
'<SYSTEM32>\wevtutil.exe' al config\WCMLog.evtx
'<SYSTEM32>\wevtutil.exe' epl "Microsoft-Windows-WWAN-SVC-EVENTS/Operational" config\WWANLog.evtx
'<SYSTEM32>\cmd.exe' /c wevtutil al config\WWANLog.evtx
'<SYSTEM32>\wevtutil.exe' al config\WWANLog.evtx
'<SYSTEM32>\cmd.exe' /c netsh wlan show all > config\envinfo.txt
'<SYSTEM32>\netsh.exe' wlan show all
'<SYSTEM32>\cmd.exe' /c netsh lan show interfaces >> config\envinfo.txt
'<SYSTEM32>\cmd.exe' /c wevtutil epl "Microsoft-Windows-WWAN-SVC-EVENTS/Operational" config\WWANLog.evtx
'<SYSTEM32>\cmd.exe' /c certutil -v -store -silent My >> config\envinfo.txt
'<SYSTEM32>\sc.exe' query upnphost

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial