Техническая информация
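Автозапуск — значение в ключе реестра Run текущего пользователя, указывающее на исполняемый файл в каталоге C:\RECYCLER:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '12CFG214-K641-11SF-N33P' = 'C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe'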
- %WINDIR%\Explorer.EXE
- C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\Desktop.ini
- C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe
- C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe
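Сетевая активность — соединение с узлом по порту 1199 и DNS-запрос его имени (часть имени узла в источнике заменена символами «#»):
- 'po###.#lwaysproxy.info':1199
- DNS ASK po###.#lwaysproxy.info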
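Окна, перечисленные в отчёте; заголовки относятся к средствам мониторинга (Registry Monitor, File Monitor и Process Monitor от Sysinternals, Wireshark) — по-видимому, это проверка на присутствие средств анализа:
- ClassName: '(null)' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: '(null)' WindowName: 'The Wireshark Network Analyzer'
- ClassName: '(null)' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'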