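Техническая информация

Примечание: заголовки подразделов в этой копии отчёта не сохранились, поэтому по самому списку нельзя определить, какое действие (создание, удаление, запуск) относится к каждой записи; повторы одних и тех же путей, вероятно, относятся к разным подразделам. По виду записей: сначала идут значения реестра (в том числе автозапуск через ключ Run с именем файла без пути), затем пути к файлам и командные строки, затем сетевые обращения и имена оконных классов.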
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\mirc.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\mirc.exe" -noconnect'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mirc' = 'mirc.exe'
- <SYSTEM32>\mirc.exe
- %WINDIR%\regedit.exe /s 713784.reg
- %WINDIR%\regedit.exe /s 13875.reg
- %WINDIR%\msagent\agentsvr.exe -Embedding
- <SYSTEM32>\mirc.exe
- <SYSTEM32>\uinput.dll
- <SYSTEM32>\stray.dll
- <SYSTEM32>\realms.ini
- <SYSTEM32>\softwares.dll
- <SYSTEM32>\13875.reg
- <SYSTEM32>\713784.reg
- <SYSTEM32>\yes.jpg
- <SYSTEM32>\trc.sys
- <SYSTEM32>\wlm.jpg
- %TEMP%\_ir_sf7_temp_0\IRIMG2.JPG
- <SYSTEM32>\value.ini
- %TEMP%\_ir_sf7_temp_0\IRIMG1.JPG
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- <SYSTEM32>\no.jpg
- <SYSTEM32>\mirc.ini
- <SYSTEM32>\msdlg.dll
- <SYSTEM32>\cls.jpg
- <SYSTEM32>\microsoft.ico
- %TEMP%\_ir_sf7_temp_0\irsetup.exe
- <SYSTEM32>\713784.reg
- %TEMP%\_ir_sf7_temp_0\IRIMG2.JPG
- %TEMP%\_ir_sf7_temp_0\irsetup.dat
- %TEMP%\_ir_sf7_temp_0\IRIMG1.JPG
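- 'www.pa####kaliye.com':80 (символы «#» здесь и в следующих двух строках — маскировка части имени и параметров URL в опубликованном отчёте, а не часть фактического адреса)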
- www.pa####kaliye.com/index4.php?ve##########################
- DNS ASK www.pa####kaliye.com
- DNS ASK www.microsoft.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''