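Техническая информация
Ниже перечислены наблюдаемые индикаторы: значения реестра, командные строки процессов, пути к файлам, сетевые обращения и классы окон. Заголовки разделов, по-видимому, не сохранились при извлечении текста, поэтому характер действия для отдельных строк (создание, запуск, поиск) следует уточнять по оригиналу отчёта.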
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\svchots.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\svchots.exe" -noconnect'
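- <SYSTEM32>\svchots.exe (имя имитирует системный svchost.exe: последние буквы «s» и «t» переставлены; при поиске сверяйте точное написание)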
- %WINDIR%\msagent\agentsvr.exe -Embedding
- %WINDIR%\regedit.exe /S kayit.dll
- <SYSTEM32>\7058408.INS
- <SYSTEM32>\8204747.INS
- <SYSTEM32>\system32\5972932.INS
- <SYSTEM32>\mirc.ini
- <SYSTEM32>\system32\91723679.INS
- <SYSTEM32>\86102025.INS
- <SYSTEM32>\0313.INS
- <SYSTEM32>\27296716.INS
- <SYSTEM32>\37224256.INS
- <SYSTEM32>\31861617.INS
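- 'to##.#anitam.com':6669 (доменное имя частично замаскировано в самом отчёте; порт 6669 обычно используется для IRC, что согласуется с обработчиком irc и файлом mirc.ini выше)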
- DNS ASK to##.#anitam.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''