| description | ioc | process |
|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /t" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /R" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /b" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /y" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /J" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /P" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /Q" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /w" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /Y" | 922e5bdfe56cae648449750335a4bb01a5a8ae5b8bbb7d3289ec9427fc11b37f.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /u" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /p" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /o" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /S" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /C" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /a" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /m" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /N" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /O" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /Y" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /G" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /I" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /l" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /g" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /h" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /v" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /M" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /f" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /x" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /T" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /c" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /F" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /i" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /W" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /H" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /Z" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /E" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /L" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /K" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /d" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /V" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /e" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /U" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /A" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /B" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /D" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /k" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /X" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /n" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /r" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /s" | ztdouw.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztdouw = "C:\\Users\\Admin\\ztdouw.exe /q" | ztdouw.exe |
