Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\windowsdefender.url
- <SYSTEM32>\dllhost.exe
- %HOMEPATH%\windowsdefender\windowsdefender.vbs
- %HOMEPATH%\windowsdefender\gpscript.exe
- 'st#####iarra.ddns.net':3360
- DNS ASK st#####iarra.ddns.net
- '<SYSTEM32>\dllhost.exe'