Technical Information
- %APPDATA%\dessi.exe (downloaded from the Internet)
- %APPDATA%\ashoutxt.exe (downloaded from the Internet) /nogui %APPDATA%\ashoutxt.txt
- %APPDATA%\ahresbhv.exe (downloaded from the Internet)
- %APPDATA%\ahaScr.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\bspnja[1].jpg
- %APPDATA%\dessi.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\bspnja[1].gif
- %APPDATA%\ashoutxt.txt
- %APPDATA%\ashoutxt.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\prop[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\didi[1].gif
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\upril[1].gif
- %APPDATA%\ahaScr.exe
- %APPDATA%\ahresbhv.exe
- 'au####casvaldir.com':80
- au####casvaldir.com/vovo/bspnja.jpg
- au####casvaldir.com/vovo/bspnja.gif
- au####casvaldir.com/lulu/upril.gif
- au####casvaldir.com/lulu/didi.gif
- au####casvaldir.com/lulu/prop.gif
- DNS ASK au####casvaldir.com
- ClassName: 'Shell_TrayWnd' WindowName: ''