Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'msennger' = '<SYSTEM32>\kasber.exe'
- <SYSTEM32>\norton.exe /n /fh mirc
- <SYSTEM32>\kasber.exe
- %WINDIR%\regedit.exe /s org.reg
- %WINDIR%\msagent\agentsvr.exe -Embedding
- <SYSTEM32>\scans
- <SYSTEM32>\securaq.exe
- <SYSTEM32>\ps2m.exe
- <SYSTEM32>\of.exe
- <SYSTEM32>\ournik
- <SYSTEM32>\test
- <SYSTEM32>\poiyu
- <SYSTEM32>\org.reg
- <SYSTEM32>\v1rgf
- <SYSTEM32>\u
- <SYSTEM32>\v1rg1n
- <SYSTEM32>\o1o2o3o4
- <SYSTEM32>\c
- <SYSTEM32>\cl
- <SYSTEM32>\b
- %TEMP%\GS1.tmp
- <SYSTEM32>\a
- <SYSTEM32>\d
- <SYSTEM32>\msn.dll
- <SYSTEM32>\norton.exe
- <SYSTEM32>\kasber.exe
- <SYSTEM32>\f
- <SYSTEM32>\g
- <SYSTEM32>\d.dll
- <SYSTEM32>\org.reg
- %TEMP%\GS1.tmp
- 'fl###.dynu.net':6667
- DNS ASK fl###.dynu.net
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: 'mirc'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'