Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SysConfig' = '<SYSTEM32>\MSDrive.exe'
- Диспетчера задач (Taskmgr)
- Редактора реестра (RegEdit)
- Компонент восстановления системы (SR)
- <SYSTEM32>\mirc.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mirc[1].txt
- <SYSTEM32>\mirc3.bin
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\gedbot[1].txt
- <SYSTEM32>\mirc.exe
- <SYSTEM32>\mirc.ini
- <SYSTEM32>\gedbot.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\mirc3[1].bin
- <SYSTEM32>\mirc0.bin
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mirc0[1].bin
- <SYSTEM32>\MSDrive.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mirc1[1].bin
- <SYSTEM32>\mirc2.bin
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\mirc2[1].bin
- <SYSTEM32>\mirc1.bin
- 'al####.allhyper.com':80
- 'localhost':1035
- al####.allhyper.com/mirc3.bin
- al####.allhyper.com/mirc.txt
- al####.allhyper.com/gedbot.txt
- al####.allhyper.com/mirc0.bin
- al####.allhyper.com/mirc1.bin
- al####.allhyper.com/mirc2.bin
- DNS ASK al####.allhyper.com