Technical Information
- %HOMEPATH%\start menu\programs\startup\defender.exe
- %HOMEPATH%\start menu\programs\startup\process.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\defender.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\process.exe
- %TEMP%\6872.tmp\6883.tmp\6884.bat
- %APPDATA%\defender.exe
- %APPDATA%\process.exe
- %APPDATA%\defender.exe
- %APPDATA%\process.exe
- %TEMP%\6872.tmp\6883.tmp\6884.bat
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\6872.tmp\6883.tmp\6884.bat <Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\6872.tmp\6883.tmp\6884.bat <Full path to file>"