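Техническая информация
Ниже индикаторы перечислены без подзаголовков: значения реестра в ключе ShellServiceObjectDelayLoad (перечисленные в нём COM-объекты Explorer загружает при запуске оболочки, то есть это закрепление в автозагрузке), командные строки запускаемых процессов (включая тихую регистрацию DLL через regsvr32 /s), пути к файлам и классы окон. Пути к файлам частично повторяются; в списке не указано, какие из них относятся к создаваемым, а какие к удаляемым файлам, поэтому роль каждой записи следует уточнять по исходному отчёту.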
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'kbdctrl' = '{E55C849B-1169-40E6-A317-3E3BBFC2D2B7}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'neobus' = '{D18A6F58-333B-4D88-AE5E-CFFB69F0C7DC}'
- %TEMP%\ac8zt2\qdertu.exe reg
- %TEMP%\ac8zt2\emks.exe rekqs
- %TEMP%\ac8zt2\emks.exe %WINDIR%\neobus.dll neobus
- %TEMP%\ac8zt2\emks.exe %WINDIR%\kbdctrl.dll kbdctrl
- %WINDIR%\explorer.exe
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\ipwyprkg.dll
- <SYSTEM32>\regsvr32.exe /s bonrep.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\kbdctrl.dll
- %WINDIR%\qdertu.exe
- %WINDIR%\ipwyprkg.dll
- %WINDIR%\bonrep.dll
- %TEMP%\nsh4.tmp.bat
- %TEMP%\nsm3.tmp\System.dll
- %WINDIR%\neobus.dll
- %TEMP%\ac8zt2\bonrep.dll
- %TEMP%\ac8zt2\qdertu.exe
- %TEMP%\ac8zt2\install.bat
- %TEMP%\nsl2.tmp
- %TEMP%\ac8zt2\ipwyprkg.dll
- %TEMP%\ac8zt2\emks.exe
- %TEMP%\ac8zt2\neobus.dll
- %TEMP%\ac8zt2\kbdctrl.dll
- %TEMP%\ac8zt2\neobus.dll
- %TEMP%\ac8zt2\kbdctrl.dll
- %TEMP%\nsm3.tmp\System.dll
- %TEMP%\ac8zt2\qdertu.exe
- %TEMP%\ac8zt2\emks.exe
- %TEMP%\ac8zt2\bonrep.dll
- %TEMP%\ac8zt2\ipwyprkg.dll
- %TEMP%\ac8zt2\install.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''