Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18.exe' = '%APPDATA%Microsoft\System\Services\18.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe
- %TEMP%\stage2.exe
- %TEMP%\stage1.exe
- %APPDATA%microsoft\system\services\18.exe
- DNS ASK xg#####tonex.no-ip.biz
- '%TEMP%\stage2.exe' x -y -o%LOCALAPPDATA%\Temp -pxnq8rPMxVI87ciGwWJHxRTy3iauHcIirteOOELv3B5vkS9kJoHBUAahY1dWxj8yA
- '%TEMP%\stage1.exe'
- '%TEMP%\stage2.exe' x -y -o%LOCALAPPDATA%\Temp -pxnq8rPMxVI87ciGwWJHxRTy3iauHcIirteOOELv3B5vkS9kJoHBUAahY1dWxj8yA (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe'