Техническая информация
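Записи реестра (ShellServiceObjectDelayLoad — точка автозагрузки: оболочка Explorer при запуске загружает COM-объекты с указанными CLSID; имена значений совпадают с именами DLL в %WINDIR%, перечисленными ниже. При проверке системы путь к DLL для каждого CLSID следует смотреть в HKLM\SOFTWARE\Classes\CLSID\{CLSID}\InprocServer32):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'admgcx' = '{ED9447EB-4D5B-4CD1-B00B-FE6EDB4F274C}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'bdmanager' = '{57A1C45D-40B6-492C-AE06-258D1E1E9E65}'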
- '%TEMP%\ac8zt2\fsxloqf.exe' reg
- '%TEMP%\ac8zt2\etgx.exe' rewxg
- '%TEMP%\ac8zt2\etgx.exe' %WINDIR%\bdmanager.dll bdmanager
- '%TEMP%\ac8zt2\etgx.exe' %WINDIR%\admgcx.dll admgcx
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\regsvr32.exe' /s emotigt.dll
- '<SYSTEM32>\regsvr32.exe' /s %WINDIR%\dmdvpnnwk.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\emotigt.dll
- %WINDIR%\admgcx.dll
- %TEMP%\ac8zt2\bdmanager.dll
- %WINDIR%\bdmanager.dll
- %TEMP%\nsr4.tmp.bat
- %WINDIR%\dmdvpnnwk.dll
- %WINDIR%\fsxloqf.exe
- %TEMP%\ac8zt2\admgcx.dll
- %TEMP%\ac8zt2\fsxloqf.exe
- %TEMP%\nso2.tmp
- %TEMP%\ac8zt2\dmdvpnnwk.dll
- %TEMP%\ac8zt2\etgx.exe
- %TEMP%\ac8zt2\emotigt.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\etgx.exe
- %TEMP%\ac8zt2\fsxloqf.exe
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\emotigt.dll
- %TEMP%\ac8zt2\admgcx.dll
- %TEMP%\ac8zt2\bdmanager.dll
- %TEMP%\ac8zt2\dmdvpnnwk.dll
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'