- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Endfield Records Malware Warning (Pull Tracker Explained)
This video explains the malware discovered on EndfieldRecords.com, a website that was used by players to track banner pull logs for Arknights: Endfield.
If you used the site, you should check your PC to make sure the malicious script did not create persistence tasks or registry entries on your system.
Timestamps:
0:00 Brief explanation
0:30 What happened
0:45 What the malware steals
1:05 How to check if your system is infected
1:22 Event Viewer
2:30 Task Scheduler
3:16 Checking Task Scheduler and Startup Programs with Powershell Commands
4:15 System32 Folder
4:54 The 2 Options to Remove the Malware
5:15 How to invalidate the old Token
5:40 What to do after, in case you followed the guide by the Discord user to remove the Malware
5:50 Outro
In this guide I explain:
- what happened with EndfieldRecords
- what the malware attempts to steal
- how to check if your system is infected
- how to remove it
The script reportedly attempted to collect data from files related to games like Wuthering Waves, Genshin Impact, Honkai Star Rail and Zenless Zone Zero, as well as Firefox browser data and Notepad files.
Even if nothing suspicious appears during the checks, it is still recommended to change your passwords and clean sessions if you used the website while it was online.
🔎 PowerShell commands used in the guide:
Check for the scheduled task:
Get-ScheduledTask -TaskName "RegisterDeviceScopeChange" -TaskPath "\Microsoft\Windows\DeviceDirectoryClient"
Check for the registry keys:
Get-Item "HKCU:\Software\Orutime\Lethreme"
Get-Item "HKLM:\Software\Orutime\Lethreme"
Check startup programs:
Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run"
Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run"
Ideally the first three commands should return something like: ObjectNotFound.
The last two commands will show programs that are configured to start automatically when Windows starts.
If you see unknown programs or suspicious URLs, investigate them further before allowing them to run.
⚠️ If you find any of the suspicious files or scheduled tasks mentioned in the video, consider doing a clean Windows reinstall to make sure the malware is completely removed.
#ArknightsEndfield #MalwareWarning #EndfieldRecords
Видео Endfield Records Malware Warning (Pull Tracker Explained) канала NITrogen
If you used the site, you should check your PC to make sure the malicious script did not create persistence tasks or registry entries on your system.
Timestamps:
0:00 Brief explanation
0:30 What happened
0:45 What the malware steals
1:05 How to check if your system is infected
1:22 Event Viewer
2:30 Task Scheduler
3:16 Checking Task Scheduler and Startup Programs with Powershell Commands
4:15 System32 Folder
4:54 The 2 Options to Remove the Malware
5:15 How to invalidate the old Token
5:40 What to do after, in case you followed the guide by the Discord user to remove the Malware
5:50 Outro
In this guide I explain:
- what happened with EndfieldRecords
- what the malware attempts to steal
- how to check if your system is infected
- how to remove it
The script reportedly attempted to collect data from files related to games like Wuthering Waves, Genshin Impact, Honkai Star Rail and Zenless Zone Zero, as well as Firefox browser data and Notepad files.
Even if nothing suspicious appears during the checks, it is still recommended to change your passwords and clean sessions if you used the website while it was online.
🔎 PowerShell commands used in the guide:
Check for the scheduled task:
Get-ScheduledTask -TaskName "RegisterDeviceScopeChange" -TaskPath "\Microsoft\Windows\DeviceDirectoryClient"
Check for the registry keys:
Get-Item "HKCU:\Software\Orutime\Lethreme"
Get-Item "HKLM:\Software\Orutime\Lethreme"
Check startup programs:
Get-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run"
Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run"
Ideally the first three commands should return something like: ObjectNotFound.
The last two commands will show programs that are configured to start automatically when Windows starts.
If you see unknown programs or suspicious URLs, investigate them further before allowing them to run.
⚠️ If you find any of the suspicious files or scheduled tasks mentioned in the video, consider doing a clean Windows reinstall to make sure the malware is completely removed.
#ArknightsEndfield #MalwareWarning #EndfieldRecords
Видео Endfield Records Malware Warning (Pull Tracker Explained) канала NITrogen
Комментарии отсутствуют
Информация о видео
8 марта 2026 г. 20:48:25
00:05:59
Другие видео канала
All Aurylene Locations in Wuling City | Arknights: Endfield Guide
ALL Chest Location in Qingbo Stockade | Arknights Endfield Chest Guide
The Complete Rossi Guide | (Teams, Builds and Rotations) | Arknights Endfield
ALL Jingyu Valley Chests Location | Arknights Endfield Guide
GET THIS FLAME EFFECT for your Bike | NTE #nte #ntecreator #bike #flame
Umbral Monument | Inorganic Construct Guide | Arknights: Endfield
Major Changes, Free Monthly Pass & More | Arknights: Endfield Patch 1.2 Livestream Summary
ALL Aurylene Locations Jingyu Valley | Arknights Endfield
F2P Umbral Monument Guide | Those Forsaken by the Land | Arknights: Endfield
Don't Build Hotori Wrong! Complete Hotori Guide | Best Teams, Builds, Weapons, Rotations! | NTE
Did you notice? They Hid These in Plain Sight #arknightsendfield #gaming #secret #games
AFK FARM ESSENCES EFFORTLESSLY | Severe Energy Alluvium | Arknights: Endfield Guide
Pick the RIGHT character with the selector! | NTE Guide
Delver of the Cryptic | Grotto Survey Trimmed Medal | Arknights Endfield Guide
Print Millions of Fons with your Coffee Shop | NTE Guide
ALL 7 Specialty Dish Location | Supply Exploration Day | Arknights: Endfield Event Guide
ALL Aurylene Locations in Qingbo Stockade | Arknights: Endfield Guide
GET THIS FLAME EFFECT for your Bike in Neverness to Everness | NTE Guide
Complete Beginner's Guide to Neverness to Everness | NTE Guide
Wuling Min-Maxed Factory Setup | Arknights: Endfield | Blueprints in description
