Technical Information
- <SYSTEM32>\cmd.exe
- %TEMP%\a7d3.tmp\a7e4.tmp\a7e5.bat
- %TEMP%\a7d3.tmp\bypass.exe
- %TEMP%\a7d3.tmp\process.exe
- %TEMP%\a7d3.tmp\microsoft edge.exe
- %TEMP%\defender.exe
- %TEMP%\autbefb.tmp
- %TEMP%\yleqsad
- %WINDIR%\temp\autc5dd.tmp
- %WINDIR%\temp\jxuryuw
- %TEMP%\autbefb.tmp
- %TEMP%\yleqsad
- %WINDIR%\temp\autc5dd.tmp
- %WINDIR%\temp\jxuryuw
- %TEMP%\defender.exe
- %ALLUSERSPROFILE%\ntuser.pol
- %HOMEPATH%\ntuser.pol
- %ALLUSERSPROFILE%\tempntuser.pol
- '%TEMP%\a7d3.tmp\bypass.exe'
- '%TEMP%\defender.exe' /D
- '%TEMP%\defender.exe' /SYS 1
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\A7D3.tmp\A7E4.tmp\A7E5.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\A7D3.tmp\A7E4.tmp\A7E5.bat <Full path to file>"
- '<SYSTEM32>\gpscript.exe' /RefreshSystemParam
- '<SYSTEM32>\raserver.exe' /offerraupdate