File size: 116142 bytes
CRC32: F65E7109
MD5: 5E1AE637F21056C6385D84468E31588E
SHA-1: 2C7B4A6FB1499906457B0C32A896F192679010EE
===================================================
Create file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ cvasds0 (0-9)
X:\ 10nb.exe
X:\2o1ajagt
X:\autorun.inf
Download file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\am1.rar
Extract file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\am1.exe
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dsa21ss.x"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cdoosoft: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe"
Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun: 0x00000091