Техническая информация
Записи автозапуска в реестре (ключи Run):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Root' = '%WINDIR%\inf\erloge.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SysClean' = '%WINDIR%\inf\erloge.com'
Команды открытия (Shell\open\command) для классов ChatFile и irc:
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"%WINDIR%\inf\erloge.com" -noconnect'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"%WINDIR%\inf\erloge.com" -noconnect'
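Процессы и их командные строки (attrib.exe +H +S выставляет файлу атрибуты «скрытый» и «системный»; regedit.exe /s импортирует .reg-файл без диалога подтверждения):
- %WINDIR%\inf\erloge.com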
- <SYSTEM32>\attrib.exe +H +S erloge.com
- %WINDIR%\msagent\agentsvr.exe -Embedding
- <SYSTEM32>\attrib.exe +H +S Fat32.ini
- <SYSTEM32>\attrib.exe +H +S program.msi
- %WINDIR%\regedit.exe /s m32.reg
- %WINDIR%\regedit.exe /s l55.reg
- <SYSTEM32>\attrib.exe +H +S dbqp.fon
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\inf\vb2d.cmd" "
Файлы в каталоге %WINDIR%\inf:
- %WINDIR%\inf\m32.reg
- %WINDIR%\inf\l55.reg
- %WINDIR%\inf\Fat32.ini
- %WINDIR%\inf\vb2d.cmd
- %WINDIR%\inf\dbqp.fon
- %WINDIR%\inf\86102025.INS
- %WINDIR%\inf\0313.INS
- %WINDIR%\inf\31861617.INS
- %WINDIR%\inf\27296716.INS
- %WINDIR%\inf\program.msi
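Второй перечень файлов (заголовок, поясняющий, чем он отличается от предыдущего, в тексте не сохранился):
- %WINDIR%\inf\Fat32.ini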
- %WINDIR%\inf\dbqp.fon
- %WINDIR%\inf\erloge.com
- %WINDIR%\inf\vb2d.cmd
- %WINDIR%\inf\m32.reg
- %WINDIR%\inf\l55.reg
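Сетевая активность (узел и порт, DNS-запрос; символы «##» в имени узла, по-видимому, скрывают его часть, поэтому для точного сопоставления индикатор неполон):
- 'x.##nr.net':3921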
- DNS ASK x.##nr.net
Окна (имя класса и заголовок):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''