Техническая информация
- Автозапуск при старте системы (ключ реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'meshal' = '<SYSTEM32>\debawin\SaB.exe'
- <SYSTEM32>\debawin\dorod.exe /n /fh mirc
- <SYSTEM32>\debawin\SaB.exe
- %WINDIR%\regedit.exe /s flk23.reg (ключ /s — импорт .reg-файла в реестр без запроса подтверждения)
- %WINDIR%\msagent\agentsvr.exe -Embedding
- <SYSTEM32>\debawin\SaB.exe
- <SYSTEM32>\debawin\o1o2o3o4
- <SYSTEM32>\debawin\t1m3r
- <SYSTEM32>\debawin\flk23.reg
- <SYSTEM32>\debawin\temp.scr
- <SYSTEM32>\debawin\niamx
- <SYSTEM32>\debawin\demo.xt
- %TEMP%\GS1.tmp
- <SYSTEM32>\debawin\dorod.exe
- <SYSTEM32>\debawin\Invite
- <SYSTEM32>\debawin\hi
- <SYSTEM32>\debawin\flk23.reg
- %TEMP%\GS1.tmp
- Сетевой адрес (хост:порт): 'gt#.#rshell.com':7000
- DNS ASK gt#.#rshell.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'mirc'