Техническая информация (запись автозапуска в реестре, командные строки, пути к файлам, сетевой адрес, окна):
- Автозапуск через раздел реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msennger' = '<SYSTEM32>\system drive\kasber.exe'
- '<SYSTEM32>\system drive\norton.exe' /n /fh mirc
- '<SYSTEM32>\system drive\kasber.exe'
- '%WINDIR%\regedit.exe' /s org.reg
- '%WINDIR%\msagent\agentsvr.exe' -Embedding
- <SYSTEM32>\system drive\ournik
- <SYSTEM32>\system drive\poiyu
- <SYSTEM32>\system drive\of.exe
- <SYSTEM32>\system drive\norton.exe
- <SYSTEM32>\system drive\o1o2o3o4
- <SYSTEM32>\system drive\v1rgf
- <SYSTEM32>\system drive\org.reg
- <SYSTEM32>\system drive\u
- <SYSTEM32>\system drive\ps2m.exe
- <SYSTEM32>\system drive\test
- <SYSTEM32>\system drive\c
- <SYSTEM32>\system drive\d
- <SYSTEM32>\system drive\b
- %TEMP%\GS1.tmp
- <SYSTEM32>\system drive\a
- <SYSTEM32>\system drive\kasber.exe
- <SYSTEM32>\system drive\msn.dll
- <SYSTEM32>\system drive\g
- <SYSTEM32>\system drive\e
- <SYSTEM32>\system drive\f
- <SYSTEM32>\system drive\d.dll
- <SYSTEM32>\system drive\org.reg
- %TEMP%\GS1.tmp
- Сетевой адрес (хост:порт): 'fe##.#nsdojo.com':5555
- DNS ASK fe##.#nsdojo.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'mirc'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'