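Техническая информация
Подзаголовки разделов в этом списке не сохранились. По виду записей: первая строка — параметр службы в реестре (значение 'Start' = 2 соответствует автоматическому запуску службы), далее идут командные строки запускаемых процессов, пути к файлам, сетевой адрес с портом и классы/заголовки окон. Какие именно действия выполнялись с перечисленными файлами (создание, удаление, изменение атрибутов), по самому списку установить нельзя; повторяющиеся пути, вероятно, относятся к разным утраченным подразделам. Один символ в IP-адресе заменён на «#» уже в источнике. Имена службы, файлов и класса окна выглядят случайно сгенерированными и, предположительно, меняются от образца к образцу, поэтому для обнаружения надёжнее опираться на поведение (служба с автозапуском, тихая регистрация DLL из %WINDIR% через regsvr32 /s, запуск BAT-файла из корня диска), а не на конкретные имена.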
- [<HKLM>\SYSTEM\ControlSet001\Services\GN0YMFPOGDQ] 'Start' = '00000002'
- C:\0HFRYN.EXE NRWMMUYGKNSZZJ
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Display Inline Images" /t REG_SZ /d yes /F
- <SYSTEM32>\cmd.exe /c C:\RS7UL1Z3ZPD.BAT
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\nrwmmuygknszzj.dll"
- %PROGRAM_FILES%\2ULTUHHK\43J8DN.EXE
- %PROGRAM_FILES%\2ULTUHHK\24M9V8G6.EXE
- C:\RS7UL1Z3ZPD.BAT
- %WINDIR%\nrwmmuygknszzj.dll
- C:\0HFRYN.EXE
- %PROGRAM_FILES%\7BI1VQQAWX8\AP878KSQH.EXE
- %WINDIR%\NRWMMUYGKNSZZJ.txt
- %PROGRAM_FILES%\2ULTUHHK\43J8DN.EXE
- %PROGRAM_FILES%\2ULTUHHK\24M9V8G6.EXE
- <Полный путь к вирусу>
- %PROGRAM_FILES%\7BI1VQQAWX8\AP878KSQH.EXE
- '58.#9.58.27':443
- ClassName: 'NRWMMUYGKNSZZJ' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'NRWMMUYGKNSZZJ' WindowName: 'uusywtgusrfsoih'