Техническая информация
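Изменения в реестре (значение 'LnX' в ключе Run обеспечивает автозапуск; далее — обработчики открытия для irc и ChatFile):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'LnX' = '"<SYSTEM32>\mirc.exe"'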
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\mirc.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\mirc.exe" -noconnect'
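Командные строки процессов (regedit.exe с ключом /S импортирует файл без запроса подтверждения; судя по этим строкам, reg.dll и kayit.dll — файлы импорта реестра, а не библиотеки):
- '<SYSTEM32>\mirc.exe' /mirc.exe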
- '%WINDIR%\regedit.exe' /S reg.dll
- '%WINDIR%\msagent\agentsvr.exe' -Embedding
- '%WINDIR%\regedit.exe' /S kayit.dll
- '%WINDIR%\regedit.exe' /S sistem\kayit.dll
- '%WINDIR%\regedit.exe' /S sistem\reg.dll
Связанные файлы в каталоге <SYSTEM32>:
- <SYSTEM32>\remote.ini
- <SYSTEM32>\saldiri.dll
- <SYSTEM32>\reg.dll
- <SYSTEM32>\mircustom.dll
- <SYSTEM32>\nicks.dll
- <SYSTEM32>\system32\botconf.fat32
- <SYSTEM32>\aliases.ini
- <SYSTEM32>\system.dll
- <SYSTEM32>\servers.ini
- <SYSTEM32>\sysesc.dll
- <SYSTEM32>\ident.dll
- <SYSTEM32>\kayit.dll
- <SYSTEM32>\fname.dll
- <SYSTEM32>\control.ini
- <SYSTEM32>\ddos.fat32
- <SYSTEM32>\mirc68.tm_
- <SYSTEM32>\mirc69.tm_
- <SYSTEM32>\mirc67.tm_
- <SYSTEM32>\mirc.exe
- <SYSTEM32>\mirc.ini
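Сетевая активность (6667 — стандартный порт IRC; часть имени узла заменена символами #, поэтому для точного сопоставления оно непригодно):
- 'ir#.###ebekmafia.com':6667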
- DNS ASK ir#.###ebekmafia.com
Окна (класс и заголовок):
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'