Technical Information
- Registry Editor (RegEdit) — blocked through the DisableRegistryTools policy value set by the reg.exe command listed below
- '<SYSTEM32>\net.exe' stop "WinDefend"
- %TEMP%\8cc4.tmp\8cd5.bat
- <Current directory>\r37.malw
- C:\r37.malw
- C:\users\r37.malw
- %HOMEPATH%\r37.malw
- %APPDATA%\r37.malw
- %TEMP%\r37.malw
- %HOMEPATH%\desktop\r37.malw
- %HOMEPATH%\downloads\r37.malw
- %WINDIR%\r37.malw
- <SYSTEM32>\r37.malw
- <Current directory>\rmdlr
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\8CC4.tmp\8CD5.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\8CC4.tmp\8CD5.bat <Full path to file>"
- '<SYSTEM32>\net1.exe' stop "WinDefend"
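- '<SYSTEM32>\reg.exe' add HKLM\Software\Policies\Microsoft\WindowsDefender /v DisableAntiSpyware /t REG_DWORD /d 1 /f (key name as recorded, without the space found in the standard "Windows Defender" policy key; monitoring should cover both spellings)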
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 00000001 /f