Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'f810b94140b8d8db35ce472eb9f41cc2' = '"%TEMP%\windows defender.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'f810b94140b8d8db35ce472eb9f41cc2' = '"%TEMP%\windows defender.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\f810b94140b8d8db35ce472eb9f41cc2.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\windows defender.exe" "windows defender.exe" ENABLE
- %TEMP%\windows defender.exe
- 'fo###.no-ip.info':1177
- DNS ASK fo###.no-ip.info
- '%TEMP%\windows defender.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\windows defender.exe" "windows defender.exe" ENABLE' (with hidden window)