Техническая информация
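- Автозапуск через ключ реестра Run (значение 'msngers' запускает указанный файл при входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msngers' = '<SYSTEM32>\fvist.com'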
- <SYSTEM32>\sohid.com /n /fh mirc az1z
- <SYSTEM32>\fvist.com
- %WINDIR%\regedit.exe /s orgs.reg (ключ /s — импорт .reg-файла в реестр без запроса подтверждения)
- %WINDIR%\msagent\agentsvr.exe -Embedding
- <SYSTEM32>\sohid.com
- <SYSTEM32>\sostop.exe
- <SYSTEM32>\spn1k.dll
- <SYSTEM32>\psme2.exe
- <SYSTEM32>\nmessd.dll
- <SYSTEM32>\NTSX.exe
- <SYSTEM32>\org.reg
- <SYSTEM32>\xl4m3r.dll
- <SYSTEM32>\ybn3e.dll
- <SYSTEM32>\ybn4e.dll
- <SYSTEM32>\orgs.reg
- <SYSTEM32>\ybn2e.dll
- <SYSTEM32>\xxx-spam.dll
- <SYSTEM32>\xxxx-inviter.dll
- <SYSTEM32>\ybn1e.dll
- <SYSTEM32>\NITE.exe
- <SYSTEM32>\comqsss.dll
- <SYSTEM32>\dbqp.fon
- <SYSTEM32>\dmans.dll
- <SYSTEM32>\colfld.dll
- %TEMP%\GS1.tmp
- <SYSTEM32>\cl.dll
- <SYSTEM32>\cnick.dll
- <SYSTEM32>\dnmssa.dll
- <SYSTEM32>\mansor.exe
- <SYSTEM32>\na4.dll
- <SYSTEM32>\neiom.dll
- <SYSTEM32>\jGuest.dll
- <SYSTEM32>\eciysaw.dll
- <SYSTEM32>\fvist.com
- <SYSTEM32>\identzsa.dll
- <SYSTEM32>\dmans.dll
- <SYSTEM32>\orgs.reg
- %TEMP%\GS1.tmp
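- 'he#.##-picssite.com':6698 (символы '#' в именах узлов здесь и в двух следующих строках, по-видимому, скрывают часть имени в источнике; в таком виде имена не годятся для точного сопоставления в журналах DNS и прокси)
- DNS ASK he#.##-picssite.com
- DNS ASK ir#.##waitarmy.net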
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'az1z' WindowName: 'mirc'