Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\AShld] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\AShld] 'ImagePath' = '%ALLUSERSPROFILE%\DRM\AShld\AShld.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\msiexec.exe
- %TEMP%\RarSFX0\AShldRes.dll
- %TEMP%\RarSFX0\AShld.exe
- %TEMP%\RarSFX0\AShldRes.DLL.asr
- %TEMP%\RarSFX0\Start.exe
- %ALLUSERSPROFILE%\Application Data\McAfee\MCLOGS\VirusScan\AShld\AShld000.log
- %ALLUSERSPROFILE%\DRM\AShld\AShldRes.DLL
- %ALLUSERSPROFILE%\DRM\AShld\AShldRes.DLL.asr
- %ALLUSERSPROFILE%\DRM\AShld\AShld.exe
- %ALLUSERSPROFILE%\DRM\AShld\cacybbzcwpxbbxg
- %ALLUSERSPROFILE%\DRM\AShld\AShldRes.DLL
- %ALLUSERSPROFILE%\DRM\AShld\AShldRes.DLL.asr
- %ALLUSERSPROFILE%\DRM\AShld\AShld.exe
- %TEMP%\RarSFX0\AShld.exe
- 'fa###.hsats.com':80
- 'ya###x.xicp.net':80
- http://fa###.hsats.com/CE2C866809C2C6FF0052B92B
- http://ya###x.xicp.net/AB2ED510735DCE9FB94D8FF2
- http://fa###.hsats.com/B99D61CBEE6315B877D3C860
- DNS ASK fa###.hsats.com
- DNS ASK ya###x.xicp.net
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- '%TEMP%\RarSFX0\Start.exe'
- '%TEMP%\RarSFX0\AShld.exe'
- '%ALLUSERSPROFILE%\DRM\AShld\AShld.exe'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\msiexec.exe'