Technical Information
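- Persistence via autorun registry value: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'COM Surrogate' = '"%APPDATA%\COM Surrogate.exe"' (started at each logon of the current user; the legitimate Windows COM Surrogate is dllhost.exe under <SYSTEM32>, so an executable with this name in %APPDATA% is not the system component)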
- %APPDATA%\COM Surrogate.exe
- %APPDATA%\COM Surrogate.exe
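- Network endpoint, host and port (the hostname appears partially masked in this listing): 'cr####368.hopto.org':1604
- DNS query for the same host: DNS ASK cr####368.hopto.org (hopto.org is a dynamic-DNS domain, so the resolved address can change; match on the hostname and port rather than on an IP address)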
- '%APPDATA%\COM Surrogate.exe'
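- '<SYSTEM32>\attrib.exe' +s +h "%APPDATA%\COM Surrogate.exe" (sets the System and Hidden attributes on the file, so it is not shown in default Explorer views)
- '<SYSTEM32>\cmd.exe' /C attrib +s +h "%APPDATA%\COM Surrogate.exe" (the same attrib command, launched through cmd.exe)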