erwan2212 / NTHASH-FPC


Access is denied. #18

Closed Papotito123 closed 3 years ago

Papotito123 commented 3 years ago

Hello: This is an issue that happens all of a sudden. Not too many times, but sometimes. It could be with any command. AVAST is disabled. I'm connected to the Internet.

C:\Users\TESTACCOUNT\Downloads\NTHASH-FPC-master(18OCT2020)\NTHASH-FPC-master\NTHASH-FPC-master\NTHASH>NTHASH-win64.exe /decodeblob /binary:.\data.blob

Access is denied.

error trying to run command

I can open a new cmd. It doesn't resolve. I have to rename the original folder (master folder) and extract NTHASH.zip again. Then in a new cmd it will work well again.

Thanks again.

erwan2212 commented 3 years ago

To me this is your AV and a behavioral detection setting:

- nthash will run once and perform some suspicious activity
- your AV will flag it (path and/or some hash) and delete it
- unzipping to a new folder will do the trick until next time

Papotito123 commented 3 years ago

Hello: This "block" happens very rarely. Maybe running too many commands for some hours could trigger something in the background even with the third-party AV turned OFF. This latest time it occurred when running from a .bat on a USB pen drive for a huge amount of time (trying to make the .bat work well).

As this happened when I was starting to use nthash, I just escape the situation by deleting the folder and extracting again.

Thanks.

erwan2212 commented 3 years ago

what worries me is that your AV seems to trigger on harmless commands like decodeblob. all decodeblob does is read a file.

still, in the meantime i have reviewed my code a bit so that I am less aggressive/demanding when opening a handle to lsass process. i don't expect this to be magical but my code is more "os" friendly so.

erwan2212 commented 3 years ago

Closing this one. Cannot do much about either windows or av behavior detection.