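Техническая информация
Ниже без подзаголовков перечислены наблюдаемые артефакты: значение реестра (параметр заставки), командные строки процессов, пути к файлам, сетевые адреса и запросы, классы окон. Символы # в адресах, по-видимому, являются маскировкой в источнике, а не частью реальных имён.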
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '<SYSTEM32>\frog.scr'
- <SYSTEM32>\frog.scr /p 65790
- <SYSTEM32>\rundll32.exe desk.cpl,InstallScreenSaver <SYSTEM32>\frog.scr
- %APPDATA%\Microsoft\Windows\Themes\Custom.theme
- %ALLUSERSPROFILE%\Start Menu\Programs\frog\Uninstall frog.lnk
- <LS_APPDATA>\Axialis\pssp0001.swf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\success[1].php
- %PROGRAM_FILES%\Ofb1\Ofbs.dll
- %PROGRAM_FILES%\Ofb1\Uninstall.exe
- <SYSTEM32>\frog.$$A
- %PROGRAM_FILES%\Ofb1\Uninstall.$$A
- %TEMP%\Ofb1s.$$A
- %TEMP%\OpenIE_S.$$A
- %TEMP%\OFoxInstaller.$$A
- 'www.ow###rce.com':80
- 'localhost':1035
- www.ow###rce.com/tools/success.php?ip#####################################################################################
- DNS ASK www.ow###rce.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'InstItClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''