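Техническая информация
Примечание: в этой копии отчёта подзаголовки разделов утрачены. Ниже без разделителей идут изменения реестра (включая автозапуск через ключ Run), командные строки запуска программ, пути к файлам, сетевые обращения и классы окон. Некоторые файлы перечислены дважды; по самому списку нельзя определить, какое действие (создание, удаление, скрытие) относится к каждому вхождению. Символы «##» в имени домена, по-видимому, скрывают часть адреса.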
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Startup' = 'mirc.exe'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\mirc.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\mirc.exe" -noconnect'
- <SYSTEM32>\mirc.exe
- %WINDIR%\regedit.exe /s 327879.reg
- %WINDIR%\regedit.exe /s 915658.reg
- %WINDIR%\regedit.exe /s 342721.reg
- %WINDIR%\regedit.exe /s 469657.reg
- %WINDIR%\regedit.exe /s 466310.reg
- %WINDIR%\msagent\agentsvr.exe -Embedding
- %WINDIR%\regedit.exe /s 721350.reg
- %WINDIR%\regedit.exe /s 69772.reg
- %WINDIR%\regedit.exe /s 297050.reg
- <SYSTEM32>\69772.reg
- <SYSTEM32>\466310.reg
- <SYSTEM32>\721350.reg
- <SYSTEM32>\297050.reg
- <SYSTEM32>\469657.reg
- <SYSTEM32>\342721.reg
- <SYSTEM32>\915658.reg
- <SYSTEM32>\327879.reg
- <SYSTEM32>\up.reg
- <SYSTEM32>\Con32.dll
- <SYSTEM32>\connects
- %TEMP%\aiw266515.EXE
- <SYSTEM32>\bear.txt
- %HOMEPATH%\Start Menu\Programs\Application name\Application name Uninstaller.lnk
- %WINDIR%\Application name Uninstaller.exe
- <SYSTEM32>\mirc.exe
- <SYSTEM32>\remote.ini
- <SYSTEM32>\915658.reg
- <SYSTEM32>\466310.reg
- <SYSTEM32>\469657.reg
- <SYSTEM32>\327879.reg
- <SYSTEM32>\721350.reg
- %TEMP%\aiw266515.EXE
- <SYSTEM32>\69772.reg
- <SYSTEM32>\297050.reg
- 'www.se##izi.com':80
- www.se##izi.com/ahmet.txt
- DNS ASK www.se##izi.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''