Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinUpdate' = '<SYSTEM32>\Explored.exe'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\Explored.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\Explored.exe" -noconnect'
- <SYSTEM32>\kernel33.exe /c /fh mirc
- <SYSTEM32>\Explored.exe
- %WINDIR%\msagent\agentsvr.exe -Embedding
- %WINDIR%\regedit.exe /s 464.reg
- <SYSTEM32>\46602466.INS
- <SYSTEM32>\82562790.INS
- <SYSTEM32>\16263294.INS
- <SYSTEM32>\69768441.INS
- <SYSTEM32>\71793066.INS
- <SYSTEM32>\TMP1.$$$
- <SYSTEM32>\remote.ini
- <SYSTEM32>\464.reg
- <SYSTEM32>\48171491.INS
- <SYSTEM32>\mirc.ini
- <SYSTEM32>\31861617.INS
- <SYSTEM32>\37224256.INS
- <SYSTEM32>\27296716.INS
- <SYSTEM32>\0313.INS
- <SYSTEM32>\86102025.INS
- <SYSTEM32>\91723679.INS
- <SYSTEM32>\77463279.INS
- <SYSTEM32>\5972932.INS
- <SYSTEM32>\8204747.INS
- <SYSTEM32>\7058408.INS
- <SYSTEM32>\464.reg
- <SYSTEM32>\TMP1.$$$
- 'ir#.##adowfire.org':6667
- DNS ASK ir#.##adowfire.org
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'mirc' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''