Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '' = '%TEMP%\'
- [<HKLM>\System\CurrentControlSet\Services\aszjh] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\aszjh] 'ImagePath' = '<SYSTEM32>\nmaehl.exe'
- [<HKLM>\System\CurrentControlSet\Services\Natiaonal Safe Meadi] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Natiaonal Safe Meadi] 'ImagePath' = '%TEMP%\Server_se.exe'
- %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\upnp device host\upnphost\udhisapi.dll
- %TEMP%\$filenumbere.txt
- %TEMP%\$filenumber.txt
- %TEMP%\server_se.exe
- %TEMP%\aszjh_ser_se.exe
- %WINDIR%\syswow64\nmaehl.exe
- %TEMP%\1.wmv
- %TEMP%\$filenumbere.txt
- %TEMP%\$filenumber.txt
- %TEMP%\aszjh_ser_se.exe
- 'localhost':8080
- 'localhost':2013
- DNS ASK ls####.codns.com
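- '23#.#55.255.250':1900 (порт 1900 и вид маски указывают, вероятно, на стандартную многоадресную рассылку SSDP/UPnP, а не на уникальный адрес управляющего сервера)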
- ClassName: 'WMPlayerApp' WindowName: ''
- ClassName: '\MSITPro::EventQueue' WindowName: ''
- ClassName: 'Type32_Main_Window' WindowName: ''
- '%TEMP%\server_se.exe'
- '%TEMP%\aszjh_ser_se.exe'
- '%WINDIR%\syswow64\nmaehl.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\ASZJH_~1.EXE > nul (со скрытым окном)
- '%ProgramFiles(x86)%\windows media player\wmplayer.exe' /prefetch:7 /Open "%TEMP%\1.wmv"
- '%WINDIR%\syswow64\cmd.exe' /c del %TEMP%\ASZJH_~1.EXE > nul