Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender' = '%APPDATA%\Windows Defender/defender\Defender.exe'
- %APPDATA%\Windows Defender\defender\Defender.exe:ZONE.identifier
- %APPDATA%\Windows Defender\defender\Defender.exe
- from <Full path to virus> to %TEMP%\tmp1.exe
- '1o#.#o-ip.info':5660
- DNS ASK 1o#.#o-ip.info
- ClassName: 'Indicator' WindowName: '(null)'