Техническая информация
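- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'COM Surrogate' = '"%APPDATA%\COM Surrogate.exe"' (запись автозапуска в ключе Run: файл запускается при каждом входе пользователя в систему; имя совпадает с названием системного процесса COM Surrogate, штатный исполняемый файл которого — dllhost.exe в системном каталоге, а не в %APPDATA%)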
- '%APPDATA%\COM Surrogate.exe'
- '%APPDATA%\1337\ivan[2].exe'
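- '<SYSTEM32>\attrib.exe' +s +h "%APPDATA%\COM Surrogate.exe"
- '<SYSTEM32>\cmd.exe' /C attrib +s +h "%APPDATA%\COM Surrogate.exe" (ключи +s и +h присваивают файлу атрибуты «системный» и «скрытый», поэтому при настройках Проводника по умолчанию он не отображается)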
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %APPDATA%\1337\image23.jpg
- COM Surrogate.exe
- %APPDATA%\1337\ivan[2].exe
- %APPDATA%\COM Surrogate.exe
- %TEMP%\nsy2.tmp
- %APPDATA%\1337\image23.jpg
- %APPDATA%\COM Surrogate.exe
- %TEMP%\nsd3.tmp\System.dll
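- '19#.#28.124.91':4444 (символы «#» в адресе, по-видимому, заменяют скрытые в источнике цифры; в таком виде запись не является полным IP-адресом и не годится для точного сопоставления в правилах обнаружения)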
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''