Техническая информация
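- [<HKLM>\SYSTEM\ControlSet001\Services\52QAMLZZHC] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\VAYO1JCGL4XM] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)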
- '%PROGRAM_FILES%\0ENL9GYSPOLM.exe' 70B2VO
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Display Inline Videos" /t REG_SZ /d no /F
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v Play_Background_Sounds /t REG_SZ /d no /F
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v Play_Animations /t REG_SZ /d no /F
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Disable Script Debugger" /t REG_SZ /d yes /F
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v DisableScriptDebuggerIE /t REG_SZ /d yes /F
- '<SYSTEM32>\regsvr32.exe' /u /s vbscript.dll
- '<SYSTEM32>\regsvr32.exe' /u /s shimgvw.dll
- '<SYSTEM32>\cmd.exe' /c <Текущая директория>\GYNQL2831.bat
- '<SYSTEM32>\regsvr32.exe' /u /s itss.dll
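- '<SYSTEM32>\regsvr32.exe' /s jscript.dll (без ключа /u: в отличие от соседних вызовов, библиотека здесь регистрируется, а не снимается с регистрации)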
- '<SYSTEM32>\regsvr32.exe' /u /s scrrun.dll
- <Текущая директория>\GYNQL2831.bat
- %TEMP%\RGI1.tmp
- %PROGRAM_FILES%\KCNHNWO\NLMMWN1O82K4.exe
- %PROGRAM_FILES%\HVUMOZE7Y13M\CRIKGA2.exe
- %PROGRAM_FILES%\0ENL9GYSPOLM.exe
- %PROGRAM_FILES%\KCNHNWO\NLMMWN1O82K4.exe
- %PROGRAM_FILES%\HVUMOZE7Y13M\CRIKGA2.exe
- %TEMP%\RGI1.tmp
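- '58.#9.58.27':443 (адрес частично замаскирован символом «#», поэтому для точного сопоставления в правилах обнаружения он не подходит)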
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TQLQWKCJXG' WindowName: 'pgwiiezncnuanx'