Техническая информация
Закрепление в системе (автозапуск через ключ реестра Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'meshal' = '<SYSTEM32>\Change\m3sh0.exe'
Командные строки процессов:
- <SYSTEM32>\Change\dorod.exe /n /fh mirc
- <SYSTEM32>\Change\m3sh0.exe
- %WINDIR%\regedit.exe /s flk23.reg
- %WINDIR%\msagent\agentsvr.exe -Embedding
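Пути в файловой системе (тип операции для каждого пути в тексте не указан; часть путей повторяется):
- <SYSTEM32>\Change\o1o2o3o4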
- <SYSTEM32>\Change\niamx
- <SYSTEM32>\Change\remote.ini
- <SYSTEM32>\Change\flk23.reg
- <SYSTEM32>\Change\t1m3r
- <SYSTEM32>\Change\demo.xt
- %TEMP%\GS1.tmp
- <SYSTEM32>\Change\dorod.exe
- <SYSTEM32>\Change\m3sh0.exe
- <SYSTEM32>\Change\hi
- <SYSTEM32>\Change\flk23.reg
- %TEMP%\GS1.tmp
Сетевая активность (узел:порт и DNS-запрос; имя узла частично замаскировано символами '#'):
- 'al#.##gimaes.com':2010
- DNS ASK al#.##gimaes.com
Окна (имя класса и заголовок):
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'mirc'