Техническая информация
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe sIRC4.exe'
- <SYSTEM32>\sirc4.exe
- C:\marijuana.txt
- <SYSTEM32>\xdccprograms\network setup wizard.exe
- <SYSTEM32>\xdccprograms\wireless network setup wizard.exe
- C:\rar.bat
- <SYSTEM32>\xdccprograms\chromesetup (1).exe
- <SYSTEM32>\xdccprograms\chromesetup.exe
- <SYSTEM32>\xdccprograms\wireless network setup wizard.rar
- <SYSTEM32>\xdccprograms\firefox setup 40.0.2 (1).exe
- <SYSTEM32>\xdccprograms\firefox setup 40.0.2.exe
- <SYSTEM32>\xdccprograms\firefox setup stub 40.0.2.exe
- <SYSTEM32>\xdccprograms\icq_rfrset.exe
- <SYSTEM32>\xdccprograms\jre-8u60-windows-i586-iftw (1).exe
- <SYSTEM32>\dc++ share\jre-8u60-windows-i586-iftw.exe
- <SYSTEM32>\dc++ share\mirc743.exe
- <SYSTEM32>\dc++ share\pidgin-2.10.11 (1).exe
- ClassName: 'WinRarWindow' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c C:\rar.bat' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c C:\rar.bat
- '%ProgramFiles%\winrar\winrar.exe' a -idp -inul -c- -m5 "<SYSTEM32>\xdccPrograms\Wireless Network Setup Wizard" "<SYSTEM32>\xdccPrograms\Wireless Network Setup Wizard.exe"