Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows defender update.vbs
- %APPDATA%\microsoft\windows\start menu\v.ps1
- %HOMEPATH%\musicapp.exe
- 'dl.#####oxusercontent.com':443
- 'mi#######-defender-2020.16-b.it':250
- DNS ASK dl.#####oxusercontent.com
- DNS ASK mi#######-defender-2020.16-b.it
- '%HOMEPATH%\musicapp.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file "%HOMEPATH%/AppData\Roaming\Microsoft\Windows\Start Menu\v.ps1"' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender Update.vbs"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file "%HOMEPATH%/AppData\Roaming\Microsoft\Windows\Start Menu\v.ps1"