Техническая информация
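Автозапуск — значение в ключе Run реестра; имя значения 'firefox' не соответствует запускаемому файлу mirc.exe из %WINDIR%\temp:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'firefox' = '"%WINDIR%\temp\mirc.exe"'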
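Запускаемые процессы (attrib +H +S помечает каталог %WINDIR%\temp как скрытый и системный; regedit /s импортирует sad.reg без запроса подтверждения):
- '%WINDIR%\Temp\mirc.exe'
- '<SYSTEM32>\attrib.exe' +H +S %WINDIR%\temp
- '%WINDIR%\regedit.exe' /s %WINDIR%\temp\sad.reg
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\sad.bat" "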
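Файлы в %WINDIR%\Temp, затрагиваемые при работе образца (тип операции — создание, изменение атрибутов или удаление — в этом фрагменте не указан, поэтому часть путей повторяется):
- %WINDIR%\Temp\servers.ini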
- %WINDIR%\Temp\users.ini
- %WINDIR%\Temp\mirc.ini
- %WINDIR%\Temp\remote.ini
- %WINDIR%\Temp\logs\status.log
- %WINDIR%\Temp\mirc1.tm_
- %WINDIR%\Temp\sad.bat
- %WINDIR%\Temp\mirc.exe
- %WINDIR%\Temp\sad.mir
- %WINDIR%\Temp\control.ini
- %WINDIR%\Temp\aliases.ini
- %WINDIR%\Temp\away.txt
- %WINDIR%\Temp\jumbo.ico
- %WINDIR%\Temp\sad.reg
- %WINDIR%\Temp\fullname.txt
- %WINDIR%\Temp\ident.txt
- %WINDIR%\Temp\servers.ini
- %WINDIR%\Temp\remote.ini
- %WINDIR%\Temp\sad.bat
- %WINDIR%\Temp\users.ini
- %WINDIR%\Temp\mirc.ini
- %WINDIR%\Temp\control.ini
- %WINDIR%\Temp\aliases.ini
- %WINDIR%\Temp\sad.reg
- %WINDIR%\Temp\jumbo.ico
- %WINDIR%\Temp\mirc2.tm_
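Пары «источник в назначение» (судя по формату записи — перемещение файлов; глагол в этом фрагменте отсутствует):
- из %WINDIR%\Temp\mirc1.tm_ в %WINDIR%\Temp\mirc.ini
- из %WINDIR%\Temp\mirc.ini в %WINDIR%\Temp\mirc2.tm_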
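Классы окон, перечисленные в отчёте (действие — поиск или иное обращение — в этом фрагменте не указано; RegEdit_RegEdit — окно редактора реестра, Shell_TrayWnd — панель задач Windows):
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'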