Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c867423b60de953fdaf180510be05ef5' = '"%APPDATA%\windows defender.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'c867423b60de953fdaf180510be05ef5' = '"%APPDATA%\windows defender.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\c867423b60de953fdaf180510be05ef5.exe
- '%LOCALAPPDATA%\tempwinlogon.exe'
- '%APPDATA%\windows defender.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\windows defender.exe" "windows defender.exe" ENABLE
- %LOCALAPPDATA%\tempwinlogon.exe
- %APPDATA%\windows defender.exe
- 'ma####9.myq-see.com':1010
- DNS ASK ma####9.myq-see.com
- ClassName: '' WindowName: 'Windows Task Manager'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\windows defender.exe" "windows defender.exe" ENABLE (with hidden window)