Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8d3f0d5660b5fa2b8e8c78c2be4b7568' = '"%TEMP%\WindowsDefender.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '8d3f0d5660b5fa2b8e8c78c2be4b7568' = '"%TEMP%\WindowsDefender.exe" ..'
- %HOMEPATH%\start menu\programs\startup\8d3f0d5660b5fa2b8e8c78c2be4b7568.exe
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\WindowsDefender.exe' = '%TEMP%\WindowsDefender.exe:*:Enable...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\WindowsDefender.exe" "WindowsDefender.exe" ENABLE
- %TEMP%\windowsdefender.exe
- <Full path to file>
- %TEMP%\windowsdefender.exe
- '17#.#05.61.83':5552
- '%TEMP%\windowsdefender.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\WindowsDefender.exe" "WindowsDefender.exe" ENABLE' (with hidden window)