Техническая информация
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Startup.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'C:\Default\Surrogate.exe' = 'C:\Default\Surrogate.exe:*:Enabled:start'
- '<SYSTEM32>\wscript.exe' "C:\Default\Surrogate.vbe"
- '<SYSTEM32>\wscript.exe' "C:\Default\right.vbe"
- C:\Default\ComSystem.exe
- %TEMP%\~SBA.tmp
- %TEMP%\~SB9.tmp
- C:\Default\right.vbe
- C:\Default\album.url
- C:\Default\Surrogate.vbe
- C:\Default\Surrogate.exe
- %TEMP%\~SB8.tmp
- %TEMP%\LSB3.tmp
- %TEMP%\LSB2.tmp
- %TEMP%\LSB1.tmp
- %TEMP%\~SB4.tmp
- %TEMP%\~SB7.tmp
- %TEMP%\~SB6.tmp
- %TEMP%\~SB5.tmp
- %TEMP%\ff679f80-2a55-11e4-4823-0001d8c70029\x64.exe
- %TEMP%\~SB4.tmp
- %TEMP%\~SB8.tmp
- %TEMP%\LSB3.tmp
- %TEMP%\LSB2.tmp
- %TEMP%\~SB9.tmp
- %TEMP%\LSB1.tmp
- %TEMP%\~SBA.tmp
- %TEMP%\~SB6.tmp
- %TEMP%\~SB5.tmp
- из %TEMP%\~SB7.tmp в %TEMP%\ff679f80-2a55-11e4-4823-0001d8c70029\x64.exe
- 'www.us#.com':80 (символ «#» недопустим в имени хоста; по-видимому, часть имени домена здесь замаскирована)
- 'localhost':1037
- www.us#.com/Bprf575
- DNS ASK www.us#.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''