Technical Information
Autorun entries (registry):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WindowsDefender' = 'regsvr32.exe /s "%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll"'
Files:
- %PROGRAMDATA%\software\microsoft\windows\defender\autoupdate.dll
- %PROGRAMDATA%\temp\8957.tmp.bat
Network activity:
- http://se#######confirm.bmail-org.com//?m=#############
- http://se#######confirm.bmail-org.com//?m=##################################################
- http://se#######confirm.bmail-org.com//?m=##############################################################
- DNS ASK se#######confirm.bmail-org.com
Processes launched:
- '%WINDIR%\syswow64\regsvr32.exe' /s "%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %PROGRAMDATA%\temp\8957.tmp.bat
- '%WINDIR%\syswow64\regsvr32.exe' /s "%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll"
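The indicators above describe one chain: a dropped .tmp.bat under %PROGRAMDATA%\temp is run through cmd /c, a DLL named after Windows Defender is registered silently with regsvr32 /s (which runs its DllRegisterServer export), and a RunOnce value carrying the same command line re-launches it at the next logon. Because RunOnce deletes the value once it has fired, a host checked after that logon may show only the DLL on disk and the regsvr32 process, so hunting should cover process, registry and DNS telemetry together. The matcher below is an added example, not part of the report: it carries the report's indicators as constants and runs them over a handful of constructed Sysmon-style events (process creation, registry value set, DNS query). It assumes the report's %PROGRAMDATA% and %WINDIR% placeholders expand to C:\ProgramData and C:\Windows, and it matches the C2 domain on the unmasked bmail-org.com part only, since the host label is masked in the report. It also flags the weaker, more general pattern of regsvr32 /s registering any DLL from under ProgramData, which goes beyond the single path listed.

```python
import re
from typing import Dict, List, Tuple

# Indicators copied from the report above. The sandbox prints environment
# placeholders; for matching against real telemetry they are expanded to the
# default locations (assumption: C:\ProgramData and C:\Windows).
ENV_EXPANSION = {"%programdata%": r"c:\programdata", "%windir%": r"c:\windows"}
IOC_DLL = r"%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll"
IOC_BAT = r"%PROGRAMDATA%\temp\8957.tmp.bat"
IOC_RUNONCE_VALUE = r"Software\Microsoft\Windows\CurrentVersion\RunOnce\WindowsDefender"
IOC_DOMAIN = "bmail-org.com"  # the host label in front of it is masked in the report

# Command lines the report shows: "regsvr32 /s <dll>" and "cmd /c <bat>";
# the image and the argument may each be quoted or not.
RE_REGSVR32 = re.compile(r'regsvr32(?:\.exe)?"?\s+/s\s+"?(?P<dll>[^"]+?\.dll)(?=["\s]|$)', re.I)
RE_CMD_BAT = re.compile(r'cmd(?:\.exe)?"?\s+/c\s+"?(?P<bat>[^"]+?\.bat)(?=["\s]|$)', re.I)


def expand(path: str) -> str:
    """Lower-case a path and expand the report's %VAR% placeholders."""
    p = path.lower()
    for var, value in ENV_EXPANSION.items():
        p = p.replace(var, value)
    return p


def check_process(event: Dict[str, str]) -> List[str]:
    """Match a process-creation event against the two launches in the report."""
    hits: List[str] = []
    cmd = event.get("CommandLine", "")
    m = RE_REGSVR32.search(cmd)
    if m:
        dll = expand(m.group("dll"))
        if dll == expand(IOC_DLL):
            hits.append("regsvr32 /s of AutoUpdate.dll (exact IOC)")
        elif dll.startswith(expand("%programdata%") + "\\"):
            # Weaker signal: silent registration of any DLL living under ProgramData.
            hits.append("regsvr32 /s of a DLL under %PROGRAMDATA%")
    m = RE_CMD_BAT.search(cmd)
    if m and expand(m.group("bat")) == expand(IOC_BAT):
        hits.append("cmd /c 8957.tmp.bat (exact IOC)")
    return hits


def check_registry(event: Dict[str, str]) -> List[str]:
    """Match a registry value-set event against the RunOnce entry in the report."""
    # Sysmon reports HKU\<SID>\... for what the sandbox prints as <HKCU>, so
    # only the tail of the key path is compared.
    target = expand(event.get("TargetObject", ""))
    details = expand(event.get("Details", ""))
    if target.endswith(expand(IOC_RUNONCE_VALUE)) and expand(IOC_DLL) in details:
        return ["RunOnce 'WindowsDefender' -> regsvr32 /s AutoUpdate.dll"]
    return []


def check_dns(event: Dict[str, str]) -> List[str]:
    """Match a DNS query event on the unmasked registrable domain."""
    name = event.get("QueryName", "").lower().rstrip(".")
    if name == IOC_DOMAIN or name.endswith("." + IOC_DOMAIN):
        return [f"DNS query for a {IOC_DOMAIN} host"]
    return []


CHECKS = {"process": check_process, "registry": check_registry, "dns": check_dns}


def scan(events: List[Dict[str, str]]) -> List[Tuple[int, List[str]]]:
    """Return (event index, matched indicators) for every event that matched."""
    out: List[Tuple[int, List[str]]] = []
    for i, ev in enumerate(events):
        hits = CHECKS.get(ev.get("type", ""), lambda _e: [])(ev)
        if hits:
            out.append((i, hits))
    return out


# Constructed sample telemetry for this example (Sysmon-style field names); the
# DNS name keeps the masked form exactly as the report prints it.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "process", "CommandLine": r'"C:\Windows\SysWOW64\cmd.exe" /c C:\ProgramData\temp\8957.tmp.bat'},
    {"type": "process", "CommandLine": r'"C:\Windows\SysWOW64\regsvr32.exe" /s "C:\ProgramData\Software\Microsoft\Windows\Defender\AutoUpdate.dll"'},
    {"type": "process", "CommandLine": r"regsvr32.exe /s C:\Windows\System32\msxml3.dll"},  # benign-looking, no hit
    {"type": "registry", "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\WindowsDefender",
     "Details": r'regsvr32.exe /s "%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll"'},
    {"type": "dns", "QueryName": "se#######confirm.bmail-org.com"},
    {"type": "dns", "QueryName": "www.example.com"},  # no hit
    {"type": "process", "CommandLine": r'regsvr32.exe /s "C:\ProgramData\Vendor\helper.dll"'},  # generic hit only
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```

The exact-path checks are what you would run against the report's own indicators; the ProgramData-wide regsvr32 /s check is the one worth keeping as a standing rule, since the specific file names are trivial for the operator to change while the technique is not.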