Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%APPDATA%\.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender®' = '%APPDATA%\Windows\windef.exe'
- %APPDATA%\.exe
- %TEMP%\applaunch\app.ine
- %APPDATA%\windows\windef.exe
- %TEMP%\applaunch\.exe
- %APPDATA%\windows\windef.exe
- from %TEMP%\applaunch\app.ine to %TEMP%\applaunch\.exe
- DNS ASK ve##x.net
- '%APPDATA%\windows\windef.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' -x -s 904
- '%WINDIR%\microsoft.net\framework\v2.0.50727\dw20.exe' -x -s 612