Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'FlashHel' = 'D:\Program Files\FlsahRpraio.exe'
- <Текущая директория>exuikrnln.dll
- %WINDIR%\exuikrnln.dll
- %WINDIR%\syswow64\exuikrnln.dll
- D:\program files\flsahrpraio.exe
- D:\program files\flsahrpraio.exe
- 'da######.##s-cn-beijing.aliyuncs.com':80
- 'fr###.l52l.com':443
- 'cr#.###st-provider.cn':80
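- 'microsoft.com':80 (легитимный домен Microsoft; судя по приведённому в этом же списке URL файла .crt, обращение, по-видимому, связано с загрузкой сертификата и само по себе индикатором компрометации не является)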
- 'lx####te.yikull.com':33345
- 'ds#.#53l.com':1976
- http://da######.##s-cn-beijing.aliyuncs.com/dh_pz/wz.txt
- http://cr#.###st-provider.cn/TrustAsiaRSADVTLSCAG2.crt
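- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (файл сертификата с легитимного сайта Microsoft; вероятно, побочный трафик проверки цепочки сертификатов, а не обращение к управляющей инфраструктуре)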
- 'fr###.l52l.com':443
- 'lx####te.yikull.com':33345
- 'ds#.#53l.com':1976
- DNS ASK da######.##s-cn-beijing.aliyuncs.com
- DNS ASK fr###.l52l.com
- DNS ASK cr#.###st-provider.cn
- DNS ASK microsoft.com
- DNS ASK lx####te.yikull.com
- DNS ASK ds#.#53l.com
- ClassName: '' WindowName: 'FlsahRpraio.exe'
- 'D:\program files\flsahrpraio.exe'
- 'D:\program files\flsahrpraio.exe' (со скрытым окном)