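Техническая информация
Список ниже объединяет артефакты разных типов: запись автозапуска в реестре (ключ Run), командные строки процессов, пути к файлам в %WINDIR%\Windl и %TEMP%\ae7459, сетевой адрес с DNS-запросом и параметры окна (ClassName/WindowName). Некоторые пути повторяются — вероятно, они относятся к разным действиям (например, запуск, создание и удаление файла); тип действия в списке не указан.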
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windl' = '%WINDIR%\Windl\mirc.exe'
- %WINDIR%\Windl\hex.exe /hide mIRC*
- %WINDIR%\Windl\mirc.exe
- %WINDIR%\msagent\agentsvr.exe -Embedding
- %WINDIR%\Windl\download.dll
- %WINDIR%\Windl\hex.exe
- %WINDIR%\Windl\servers.ini
- %WINDIR%\Windl\download\lol.jpg
- %WINDIR%\Windl\download\Thumbs.db
- %WINDIR%\Windl\mirc.exe
- %WINDIR%\Windl\serv.dll
- %WINDIR%\Windl\script.dll
- %WINDIR%\Windl\script.ini
- %WINDIR%\Windl\mirc.ini
- %WINDIR%\Windl\remote.ini
- %TEMP%\ae7459\setup.ini
- %WINDIR%\Windl\cmd\29692792.bat
- %TEMP%\ae7459\setup.zip
- %TEMP%\ae7459\setup.exe
- %TEMP%\ae7459\English.dat
- %WINDIR%\Windl\cmd\75815024.bat
- %WINDIR%\Windl\download\IRCD1.exe
- %WINDIR%\Windl\download\logo1.gif
- %WINDIR%\Windl\download\dunhill[01].jpg
- %WINDIR%\Windl\download\Canada.exe
- %WINDIR%\Windl\download\Canada01.exe
- %TEMP%\ae7459\English.dat
- %TEMP%\ae7459\setup.exe
- %TEMP%\ae7459\setup.ini
- %TEMP%\ae7459\setup.zip
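- 'ga####un.hopto.org':6667
- DNS ASK ga####un.hopto.org
- Примечание: символы #### в имени хоста — по-видимому, маска, скрывающая часть имени; для блокировки или поиска по журналам DNS и прокси полное имя нужно брать из исходного отчёта. Порт 6667 традиционно используется протоколом IRC, что согласуется с наличием mirc.exe в списке.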
- ClassName: 'Shell_TrayWnd' WindowName: ''