Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '<SYSTEM32>\shellext\svchost.exe'
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\shellext\svchost.exe"'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\shellext\svchost.exe"'
- '<SYSTEM32>\ShellExt\svchost.exe'
- '%WINDIR%\msagent\agentsvr.exe' -Embedding
- <SYSTEM32>\ShellExt\notify.ini
- <SYSTEM32>\ShellExt\operator.ini
- <SYSTEM32>\ShellExt\partmsg.ini
- <SYSTEM32>\ShellExt\kick.txt
- <SYSTEM32>\ShellExt\mirc.ini
- <SYSTEM32>\ShellExt\nick.txt
- <SYSTEM32>\ShellExt\servers.ini
- <SYSTEM32>\ShellExt\svchost.exe
- <SYSTEM32>\ShellExt\updater.ini
- <SYSTEM32>\ShellExt\perform.ini
- <SYSTEM32>\ShellExt\remote.ini
- <SYSTEM32>\ShellExt\scr.ini
- <SYSTEM32>\ShellExt\IRC.ICO
- <SYSTEM32>\ShellExt\channels.txt
- <SYSTEM32>\ShellExt\conn.ini
- <SYSTEM32>\ShellExt\control.ini
- <SYSTEM32>\ShellExt\add.txt
- <SYSTEM32>\ShellExt\aliases.ini
- <SYSTEM32>\ShellExt\away.txt
- <SYSTEM32>\ShellExt\greet.ini
- <SYSTEM32>\ShellExt\ident.txt
- <SYSTEM32>\ShellExt\injuraturi.txt
- <SYSTEM32>\ShellExt\engine.ini
- <SYSTEM32>\ShellExt\flood.txt
- <SYSTEM32>\ShellExt\fullname.txt
- <SYSTEM32>\ShellExt\notify.ini
- <SYSTEM32>\ShellExt\operator.ini
- <SYSTEM32>\ShellExt\partmsg.ini
- <SYSTEM32>\ShellExt\kick.txt
- <SYSTEM32>\ShellExt\mirc.ini
- <SYSTEM32>\ShellExt\nick.txt
- <SYSTEM32>\ShellExt\servers.ini
- <SYSTEM32>\ShellExt\svchost.exe
- <SYSTEM32>\ShellExt\updater.ini
- <SYSTEM32>\ShellExt\perform.ini
- <SYSTEM32>\ShellExt\remote.ini
- <SYSTEM32>\ShellExt\scr.ini
- <SYSTEM32>\ShellExt\IRC.ICO
- <SYSTEM32>\ShellExt\channels.txt
- <SYSTEM32>\ShellExt\conn.ini
- <SYSTEM32>\ShellExt\control.ini
- <SYSTEM32>\ShellExt\add.txt
- <SYSTEM32>\ShellExt\aliases.ini
- <SYSTEM32>\ShellExt\away.txt
- <SYSTEM32>\ShellExt\greet.ini
- <SYSTEM32>\ShellExt\ident.txt
- <SYSTEM32>\ShellExt\injuraturi.txt
- <SYSTEM32>\ShellExt\engine.ini
- <SYSTEM32>\ShellExt\flood.txt
- <SYSTEM32>\ShellExt\fullname.txt
- 'me##.##.us.undernet.org':7000
- 'lo#######s2.ca.us.undernet.org':6666
- 'ne#####.ny.us.undernet.org':6661
- 'me###.##.us.undernet.org':6666
- 'os###.##.eu.undernet.org':6662
- 'lo####.#k.eu.undernet.org':6667
- 'le######.nl.eu.undernet.org':6666
- 'os###.##.eu.undernet.org':6667
- 'lo#####.uk.eu.undernet.org':6667
- 'ta###.##.us.undernet.org':7000
- 'ta###.##.us.undernet.org':6662
- 'me###.##.us.undernet.org':7000
- 'gr##.##.eu.undernet.org':6666
- 'bu#######.ro.eu.undernet.org':6661
- 'lo#######s.ca.us.undernet.org':6666
- 'he######.fi.eu.undernet.org':6667
- 'el####.#e.eu.undernet.org':7000
- 'os###.##.eu.undernet.org':6660
- 'lo####.#k.eu.undernet.org':6668
- 'he######.fi.eu.undernet.org':7000
- 'le######.nl.eu.undernet.org':6668
- 'he######.fi.eu.undernet.org':6668
- 'lo#####.uk.eu.undernet.org':6663
- 'lo####.#k.eu.undernet.org':6664
- 'gr##.##.eu.undernet.org':6668
- 'di####.#l.eu.undernet.org':7000
- 'bu#######.ro.eu.undernet.org':7000
- 'el####.#e.eu.undernet.org':6668
- 'ed#.##.eu.undernet.org':7000
- 'os###.##.eu.undernet.org':6668
- 'ne#####.ny.us.undernet.org':6663
- 'me###.##.us.undernet.org':6665
- 'gr##.##.eu.undernet.org':6662
- 'ta###.##.us.undernet.org':6665
- 'me##.##.us.undernet.org':6665
- 'za####.#r.eu.undernet.org':6667
- 'os###.##.eu.undernet.org':6663
- 'lo#######s2.ca.us.undernet.org':7000
- 'lo#######s.ca.us.undernet.org':7000
- DNS ASK Lo#######s.CA.US.Undernet.org
- DNS ASK Lo#######s2.CA.US.Undernet.org
- DNS ASK Os###.##.EU.undernet.org
- DNS ASK Za####.#r.EU.UnderNet.org
- DNS ASK ne#####.ny.us.undernet.org
- DNS ASK Ta###.##.US.Undernet.org
- DNS ASK me##.##.us.undernet.org
- DNS ASK me###.##.us.undernet.org
- DNS ASK Lo#####.UK.EU.Undernet.Org
- DNS ASK Ed#.##.EU.UnderNet.Org
- DNS ASK El####.#e.Eu.undernet.org
- DNS ASK bu#######.ro.eu.undernet.org
- DNS ASK Di####.#L.EU.Undernet.Org
- DNS ASK Le######.NL.EU.UnderNet.Org
- DNS ASK Lo####.#K.Eu.Undernet.Org
- DNS ASK gr##.##.Eu.UnderNet.org
- DNS ASK He######.FI.EU.Undernet.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''