Техническая информация
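Изменения в реестре — запись в ключ автозапуска Run и команды открытия для irc и ChatFile; все три значения указывают на один и тот же файл %TEMP%\nvsvc16.com:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Nero Burn' = '%TEMP%\nvsvc16.com'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"%TEMP%\nvsvc16.com" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"%TEMP%\nvsvc16.com" -noconnect'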
- %TEMP%\nvsvc16.com
- %WINDIR%\msagent\agentsvr.exe -Embedding
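- <SYSTEM32>\attrib.exe +H +S reconfgh.dll — устанавливает атрибуты «скрытый» и «системный»; такие файлы не отображаются в Проводнике с настройками по умолчанию, но видны в выводе dir /a
- <SYSTEM32>\attrib.exe +H +S mirc.ini — те же атрибуты для mirc.ini
- %WINDIR%\regedit.exe /s o28.reg — импорт .reg-файла в реестр в тихом режиме, без запроса подтверждения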
- <SYSTEM32>\cmd.exe /c ""%TEMP%\122d.cmd" "
- %TEMP%\o28.reg
- %TEMP%\mirc.ini
- %TEMP%\remote.ini
- %TEMP%\122d.cmd
- %TEMP%\86102025.INS
- %TEMP%\0313.INS
- %TEMP%\31861617.INS
- %TEMP%\27296716.INS
- %TEMP%\reconfgh.dll
- %TEMP%\mirc.ini
- %TEMP%\122d.cmd
- %TEMP%\o28.reg
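Сетевая активность (символы «#» в имени узла, по-видимому, замаскированы источником, поэтому строка не годится как готовый индикатор без восстановления полного имени):
- 'ne#.##herhop.com':3030
- DNS ASK ne#.##herhop.com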
- ClassName: 'RegEdit_RegEdit' WindowName: '' (класс главного окна редактора реестра)
- ClassName: 'Shell_TrayWnd' WindowName: '' (класс окна панели задач Windows)