Техническая информация
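Закрепление в системе: значение 'WinReg' в ключе Run запускает файл при входе в систему, а команды открытия для классов irc и ChatFile переназначены на тот же файл.
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinReg' = '<SYSTEM32>\mouse\svchost.exe'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\mouse\svchost.exe"'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\mouse\svchost.exe"'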
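Имена svchost.exe и rundll32.exe совпадают с именами системных файлов Windows, но здесь они расположены в подкаталоге <SYSTEM32>\mouse\, тогда как штатные файлы лежат непосредственно в <SYSTEM32>. При проверке процессов сравнивайте полный путь, а не только имя.
- '<SYSTEM32>\mouse\rundll32.exe' mIRC
- '<SYSTEM32>\mouse\svchost.exe'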
- '%WINDIR%\msagent\agentsvr.exe' -Embedding
- <SYSTEM32>\mouse\Quote.ini
- <SYSTEM32>\mouse\TMP1.$$$
- <SYSTEM32>\mouse\Silence.ini
- <SYSTEM32>\mouse\nick.ini
- <SYSTEM32>\mouse\takenick.ini
- <SYSTEM32>\mouse\TMP5.$$$
- <SYSTEM32>\mouse\TMP6.$$$
- <SYSTEM32>\mouse\TMP4.$$$
- <SYSTEM32>\mouse\TMP2.$$$
- <SYSTEM32>\mouse\TMP3.$$$
- <SYSTEM32>\mouse\remote.ini
- <SYSTEM32>\mouse\rundll.exe
- <SYSTEM32>\mouse\reg.dll
- <SYSTEM32>\mouse\control.ini
- <SYSTEM32>\mouse\mirc.ini
- <SYSTEM32>\mouse\win.com
- <SYSTEM32>\mouse\win.ini
- <SYSTEM32>\mouse\vir.exe
- <SYSTEM32>\mouse\rundll32.exe
- <SYSTEM32>\mouse\svchost.exe
- <SYSTEM32>\mouse\TMP4.$$$
- <SYSTEM32>\mouse\TMP5.$$$
- <SYSTEM32>\mouse\TMP6.$$$
- <SYSTEM32>\mouse\TMP1.$$$
- <SYSTEM32>\mouse\TMP2.$$$
- <SYSTEM32>\mouse\TMP3.$$$
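Порт 6667 обычно используется протоколом IRC; символы '#' в именах узлов, по-видимому, скрывают часть имени в исходном описании.
- 'pr#######.nj.us.undernet.org':6667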
- 'lo#####.uk.eu.undernet.org':6667
- 'mi###.##.eu.undernet.org':6667
- DNS ASK Pr#######.NJ.US.Undernet.Org
- DNS ASK lo#####.uk.eu.undernet.org
- DNS ASK Mi###.##.EU.Undernet.Org
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: '(null)' WindowName: 'mIRC'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'