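Техническая информация
Примечание: ниже без подзаголовков перечислены наблюдаемые действия образца: записи в реестре (строки с [<HKLM>…]), командные строки запускаемых процессов, пути к файлам и пары ClassName/WindowName окон. Ключ ShellServiceObjectDelayLoad используется для автозапуска: COM-объекты с указанными CLSID загружает explorer.exe при старте оболочки. Вызовы regsvr32.exe /s регистрируют DLL без вывода сообщений. Пути к файлам в %TEMP% встречаются дважды; по-видимому, это списки созданных и затем удалённых файлов, но на странице это не обозначено. Имена значений реестра, файлов и каталога выглядят случайно сгенерированными, поэтому для обнаружения надёжнее опираться на сочетание признаков (новое значение в ShellServiceObjectDelayLoad, DLL в корне %WINDIR%, запуск regsvr32.exe /s), чем на конкретные имена.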
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'bxsnvqt' = '{0F01F20A-7D83-4F1F-BEC8-DE0AA1E3E1C6}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'aslpmqk' = '{811E5098-22B6-41DE-9EB2-9B182F9B18BF}'
- %TEMP%\ac8zt2\fknxwqf.exe reg
- %TEMP%\ac8zt2\erwd.exe repvn
- %TEMP%\ac8zt2\erwd.exe %WINDIR%\aslpmqk.dll aslpmqk
- %TEMP%\ac8zt2\erwd.exe %WINDIR%\bxsnvqt.dll bxsnvqt
- %WINDIR%\explorer.exe
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\dopfwrlgwx.dll
- <SYSTEM32>\regsvr32.exe /s egodktf.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\fknxwqf.exe
- %WINDIR%\egodktf.dll
- %WINDIR%\dopfwrlgwx.dll
- %WINDIR%\aslpmqk.dll
- %TEMP%\nsu4.tmp.bat
- %TEMP%\nsk3.tmp\System.dll
- %WINDIR%\bxsnvqt.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\egodktf.dll
- %TEMP%\ac8zt2\aslpmqk.dll
- %TEMP%\nsz2.tmp
- %TEMP%\ac8zt2\fknxwqf.exe
- %TEMP%\ac8zt2\dopfwrlgwx.dll
- %TEMP%\ac8zt2\bxsnvqt.dll
- %TEMP%\ac8zt2\erwd.exe
- %TEMP%\ac8zt2\fknxwqf.exe
- %TEMP%\ac8zt2\erwd.exe
- %TEMP%\nsk3.tmp\System.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\bxsnvqt.dll
- %TEMP%\ac8zt2\aslpmqk.dll
- %TEMP%\ac8zt2\egodktf.dll
- %TEMP%\ac8zt2\dopfwrlgwx.dll
- ClassName: 'BaseBar' WindowName: 'ChanApp'
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''