Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefenderUpdater.exe' = '%ALLUSERSPROFILE%\WindowsDefenderUpdater.exe'
- windowsdefenderupdater.exe
- %ALLUSERSPROFILE%\windowsdefenderupdater.exe
- %TEMP%\system\xmrig.exe
- 'h.###4top.io':443
- DNS ASK h.###4top.io
- '%ALLUSERSPROFILE%\windowsdefenderupdater.exe'