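Техническая информация
Ниже перечислены наблюдаемые индикаторы: записи реестра (включая ShellExecuteHooks и параметры служб CelInDrv и WinDHCPsvc), запускаемые команды, пути к файлам (в том числе файл hosts) и искомые окна. Подзаголовки разделов в этом фрагменте не сохранились, поэтому по самому списку нельзя определить, какая операция относится к каждому пути (создание, удаление, изменение или внедрение кода); повторяющиеся пути, вероятно, относятся к разным операциям.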
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{5D06580A-08EB-4DD0-8425-DDBB5198B30C}' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\CelInDrv] 'ImagePath' = '<DRIVERS>\CelInDriver.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinDHCPsvc] 'Start' = '00000002'
- '%TEMP%\srvwow.exe'
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\MicroSoft.bat" "
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\windhcp.ocx
- <Текущая директория>\MicroSoft.bat
- <DRIVERS>\CelInDriver.sys
- %PROGRAM_FILES%\Internet Explorer\PLUGINS\CDown.dll
- %TEMP%\srvwow.exe
- %TEMP%\srvwow.dat
- %PROGRAM_FILES%\Internet Explorer\PLUGINS\CDown.sys
- %PROGRAM_FILES%\Internet Explorer\PLUGINS\CDown.dll
- <DRIVERS>\etc\hosts
- %TEMP%\srvwow.dat
- <DRIVERS>\CelInDriver.sys
- ClassName: 'ListBox' WindowName: 'CDownDll'
- ClassName: 'ListBox' WindowName: 'CDownExe'