Техническая информация
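Значения в ключе автозагрузки ShellServiceObjectDelayLoad (объекты, CLSID которых перечислены в этом ключе, загружаются процессом explorer.exe при запуске оболочки):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'bklgvsf' = '{0B860543-97EE-4380-80BC-D9DD07EB18E5}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ampkfst' = '{06473329-D511-4A08-99DA-9D999765768A}'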
- %TEMP%\ac8zt2\foxflpd.exe reg
- %TEMP%\ac8zt2\evsn.exe relqw
- %TEMP%\ac8zt2\evsn.exe %WINDIR%\ampkfst.dll ampkfst
- %TEMP%\ac8zt2\evsn.exe %WINDIR%\bklgvsf.dll bklgvsf
- %WINDIR%\explorer.exe
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\dxpvqlmnsr.dll
- <SYSTEM32>\regsvr32.exe /s ensfolr.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\ampkfst.dll
- %WINDIR%\foxflpd.exe
- %WINDIR%\ensfolr.dll
- %WINDIR%\bklgvsf.dll
- %TEMP%\nsj4.tmp.bat
- %TEMP%\nsy3.tmp\System.dll
- %WINDIR%\dxpvqlmnsr.dll
- %TEMP%\ac8zt2\ampkfst.dll
- %TEMP%\ac8zt2\evsn.exe
- %TEMP%\ac8zt2\dxpvqlmnsr.dll
- %TEMP%\nsf2.tmp
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\bklgvsf.dll
- %TEMP%\ac8zt2\foxflpd.exe
- %TEMP%\ac8zt2\ensfolr.dll
- %TEMP%\ac8zt2\foxflpd.exe
- %TEMP%\ac8zt2\evsn.exe
- %TEMP%\nsy3.tmp\System.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\bklgvsf.dll
- %TEMP%\ac8zt2\ampkfst.dll
- %TEMP%\ac8zt2\ensfolr.dll
- %TEMP%\ac8zt2\dxpvqlmnsr.dll
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'