Техническая информация
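Изменения в реестре (команда открытия для классов irc и ChatFile указывает на <SYSTEM32>\dirote.exe с параметром -noconnect):
- [<HKLM>\SOFTWARE\Classes\irc\Shell\open\command] '' = '"<SYSTEM32>\dirote.exe" -noconnect'
- [<HKLM>\SOFTWARE\Classes\ChatFile\Shell\open\command] '' = '"<SYSTEM32>\dirote.exe" -noconnect'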
Запуск процессов (командные строки):
- <SYSTEM32>\f1ght.exe xsiger.bat
- <SYSTEM32>\dirote.exe
- %WINDIR%\msagent\agentsvr.exe /pid=2544
- <SYSTEM32>\cmd.exe /c xsiger.bat
- %WINDIR%\msagent\agentsvr.exe -Embedding
Файловая активность (подзаголовки групп в тексте, по-видимому, утрачены; %TEMP%\GS1.tmp указан дважды):
- <SYSTEM32>\v1rgf
- <SYSTEM32>\redroses
- <SYSTEM32>\x.q
- <SYSTEM32>\xsiger.bat
- <SYSTEM32>\rx
- <SYSTEM32>\rconnect.conf
- <SYSTEM32>\demo.xt
- %TEMP%\GS1.tmp
- <SYSTEM32>\dirote.exe
- <SYSTEM32>\kfolder
- <SYSTEM32>\f1ght.exe
- %TEMP%\GS1.tmp
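Сетевая активность (узел и порт, DNS-запрос; часть имени узла, по-видимому, замаскирована символами «##»):
- 'xp.##stemxp.net':1751
- DNS ASK xp.##stemxp.net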
Окна (Shell_TrayWnd — класс окна панели задач Windows; по-видимому, образец ищет это окно):
- ClassName: 'Shell_TrayWnd' WindowName: ''