Техническая информация
- '%TEMP%\RarSFX0\WssbHepler.exe'
- '<SYSTEM32>\regsvr32.exe' jscript.dll /s /u
- '<SYSTEM32>\regsvr32.exe' vbscript.dll /s /u
- '<SYSTEM32>\regsvr32.exe' scrrun.dll /s
- '<SYSTEM32>\regsvr32.exe' jscript.dll /s
- '<SYSTEM32>\regsvr32.exe' vbscript.dll /s
- '<SYSTEM32>\regsvr32.exe' scrrun.dll /s /u
- '<SYSTEM32>\regsvr32.exe' YRWXls.ocx /s /u
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\RegCell.bat" C: "<SYSTEM32>\""
- '<SYSTEM32>\regsvr32.exe' YRWXls.ocx /s
- '<SYSTEM32>\regsvr32.exe' CellWeb5.ocx /s
- '<SYSTEM32>\regsvr32.exe' CellWeb5.ocx /s /u
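- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1201' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1004' = '00000000'
  (Пояснение: Zones\2 — зона «Надёжные сайты» Internet Explorer; значение 0 означает «разрешить». 1609 — отображение смешанного содержимого, 1201 — инициализация и выполнение сценариев элементов ActiveX, не помеченных как безопасные, 1004 — загрузка неподписанных элементов ActiveX. Тем самым для текущего пользователя ослабляются ограничения ActiveX в этой зоне; при проверке системы эти значения стоит сравнить с принятой политикой и при необходимости восстановить.)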
- <SYSTEM32>\CellWeb5.ocx
- <SYSTEM32>\Chart10W.dll
- <SYSTEM32>\CellWChs.dll
- <SYSTEM32>\cellweb5.inf
- <SYSTEM32>\ChartChs.dll
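- %HOMEPATH%\Desktop\安徽省企业办税一体化平台.url (в исходном отчёте имя отображается как «°І»ХКЎЖуТµ°мЛ°Т»Ме»ЇЖЅМЁ.url» — это байты GBK, прочитанные в кодировке Windows-1251)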
- <SYSTEM32>\HAdo.dll
- <SYSTEM32>\YRWXls.ocx
- <SYSTEM32>\RegCell.bat
- %TEMP%\RarSFX0\CellWeb5.ocx
- %TEMP%\RarSFX0\Chart10W.dll
- %TEMP%\RarSFX0\CellWChs.dll
- %TEMP%\RarSFX0\cellweb5.inf
- %TEMP%\RarSFX0\ChartChs.dll
- %TEMP%\RarSFX0\RegCell.bat
- %TEMP%\RarSFX0\WssbHepler.exe
- %TEMP%\RarSFX0\hado.dll
- %TEMP%\RarSFX0\YRWXls.ocx
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'