Техническая информация
- [<HKLM>\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command] '' = '""%TEMP%\2040211285.bin"" %1'
- <SYSTEM32>\freecelll.exe "<SYSTEM32>\c__10000.nls"
- <SYSTEM32>\at.exe 13:48 /every:Th "<SYSTEM32>\freecelll.exe"
- <SYSTEM32>\regsvr32.exe /s "<SYSTEM32>\ddispex.dll"
- <SYSTEM32>\ddispex.dll
- %TEMP%\2040211285.bin
- <SYSTEM32>\2057\inf2057.dat
- <SYSTEM32>\c__10000.nls
- %TEMP%\1744120631.bin
- %TEMP%\2256123983.tmp
- <SYSTEM32>\freecelll.exe
- %TEMP%\1744120631.bin
- %TEMP%\2256123983.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''