{
	"id": "15f11f83-9f00-45bc-9547-4d64c1ddfd38",
	"created_at": "2026-04-06T00:19:00.952362Z",
	"updated_at": "2026-04-10T03:22:00.602847Z",
	"deleted_at": null,
	"sha1_hash": "0da1182aaffb8e3924d8a4480a7c62b39635627f",
	"title": "GitHub - wgpsec/CreateHiddenAccount: A tool for creating hidden accounts using the registry || 一个使用注册表创建隐藏帐户的工具",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1415832,
	"plain_text": "GitHub - wgpsec/CreateHiddenAccount: A tool for creating hidden\r\naccounts using the registry || 一个使用注册表创建隐藏帐户的工具\r\nBy teamssix\r\nArchived: 2026-04-05 17:46:21 UTC\r\nStars 491\r\n iissssuueess 22 ooppeenn rreelleeaassee v0.2 aauutthhoorr TTeeaammssSSiixx WWggppSSeecc 狼狼组组安安全全团团队队\r\n中文 | EN\r\nTool Introduction\r\nThere are two common ways to create a hidden account. One is to add the $ sign directly after the user name to\r\ncreate it, and the other is to use the registry to clone the user to create. .\r\nSo I wondered if I could implement the process of cloning accounts using the registry. After searching on the\r\nInternet, I couldn't find a convenient tool, so I wrote one myself.\r\nIn addition to adding hidden accounts, the tool also adds functions to check hidden accounts and delete hidden\r\naccounts, so that both the red team and the blue team can use this tool.\r\n**DISCLAIMER: DO NOT USE THE TOOL FOR ILLEGAL USE, THE DEVELOPER IS NOT\r\nRESPONSIBLE OR RESPONSIBLE FOR ANY MISUSE OR DAMAGE. **\r\nDownload Link\r\nhttps://github.com/wgpsec/CreateHiddenAccount\r\nPage 1 of 6\n\nhttps://github.com/wgpsec/CreateHiddenAccount/releases\r\nCreateHiddenAccount.exe BypassAV works better\r\nCreateHiddenAccount_upx.exe Smaller size\r\nHelp Information\r\nUse CreateHiddenAccount.exe -h for help\r\n-c Check the hidden accounts of the current system\r\n-cu Set clone user (default \"Administrator\")\r\n-d Set delete username, If the username does not end with a $ sign, a $ sign will be added automatically\r\n-oc Only create hidden users, do not clone users by modifying the registry\r\n-p Set password\r\n-u Set username, If the username does not end with a $ sign, a $ sign will be added automatically\r\n-v View version\r\n✨ Example\r\nAdd a hidden account with the user name teamssix, the tool will automatically add the $ character after the user\r\nname, so the created user name is teamssix$\r\nWhen using, remember to run under administrator privileges, otherwise it will prompt insufficient privileges.\r\n CreateHiddenAccount.exe -u teamssix -p Passw0rd\r\nhttps://github.com/wgpsec/CreateHiddenAccount\r\nPage 2 of 6\n\nSelect the username you want to clone\r\nCreateHiddenAccount.exe -u teamssix2 -p Passw0rd -cu test\r\nhttps://github.com/wgpsec/CreateHiddenAccount\r\nPage 3 of 6\n\nOnly create hidden users, do not modify the registry\r\nCreateHiddenAccount.exe -u teamssix3 -p Passw0rd -oc\r\nCheck the hidden accounts of the current system.\r\n CreateHiddenAccount.exe -c\r\nhttps://github.com/wgpsec/CreateHiddenAccount\r\nPage 4 of 6\n\nDelete the teamssix hidden account\r\n CreateHiddenAccount.exe -d teamssix\r\nIn the end, if there is any bug to open an issue, the Star will be gone, you know.\r\n⚠️ Notice\r\nThe tool requires administrator privileges to run\r\nThis tool is not guaranteed to work properly on 32-bit systems\r\nhttps://github.com/wgpsec/CreateHiddenAccount\r\nPage 5 of 6\n\nOn the domain controller machine, this tool will only add hidden users and will not modify the registry,\r\nbecause on the domain controller machine, user information is not stored in the registry.\r\nIf the control panel shows that there is a hidden user, but both tools and net user show that the user does not\r\nexist, then when the computer restarts, the hidden user in the control panel will disappear.\r\nThe tool will automatically add the $ character to the username without the $ character. For example, if -u\r\nspecifies the user name as teamssix, the actual account added is teamssix$; if -u specifies the user name as\r\nteamssix$, then the actual added account is or teamssix$\r\nThe purpose of this is because if the user name does not have the $ character, then hiding the\r\nuser is meaningless. If you just want to add an account, just use net user directly.\r\nChangelog\r\nv0.2 2021.1.18\r\nEnhanced the ability to detect hidden accounts\r\nAdded ability to select clone user\r\nAdded the function of only creating hidden users without modifying the registry\r\nAdded tool version display\r\nv0.1 2021.1.17\r\nSource: https://github.com/wgpsec/CreateHiddenAccount\r\nhttps://github.com/wgpsec/CreateHiddenAccount\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/wgpsec/CreateHiddenAccount"
	],
	"report_names": [
		"CreateHiddenAccount"
	],
	"threat_actors": [],
	"ts_created_at": 1775434740,
	"ts_updated_at": 1775791320,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0da1182aaffb8e3924d8a4480a7c62b39635627f.pdf",
		"text": "https://archive.orkl.eu/0da1182aaffb8e3924d8a4480a7c62b39635627f.txt",
		"img": "https://archive.orkl.eu/0da1182aaffb8e3924d8a4480a7c62b39635627f.jpg"
	}
}