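Техническая информация
Индикаторы ниже приведены без подзаголовков: сначала записи реестра, затем командные строки запускаемых процессов, пути к файлам и, в конце, классы окон. Часть путей к файлам повторяется; по-видимому, повторы относятся к разным разделам исходного отчёта (например, создаваемые и удаляемые файлы), но в этой копии их назначение не указано.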
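- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'rwlfsdmk' = '{4FA0C6ED-E1FA-43A5-B32E-BD1171A2D598}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'onfwbsak' = '{1CA30B7F-0332-44DF-B2DC-1C61B3024D54}'
  (Значения в ключе ShellServiceObjectDelayLoad — это CLSID COM-объектов, которые Explorer загружает при старте оболочки, поэтому такие записи служат механизмом автозапуска. Имена обоих значений совпадают с именами файлов %WINDIR%\rwlfsdmk.dll и %WINDIR%\onfwbsak.dll из списка ниже; при проверке системы стоит сопоставить каждый CLSID с путём к DLL в его разделе InprocServer32.)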
- %TEMP%\ac8zt2\fbxrqtwn.exe reg
- %TEMP%\ac8zt2\evqb.exe reong
- %TEMP%\ac8zt2\evqb.exe %WINDIR%\onfwbsak.dll onfwbsak
- %TEMP%\ac8zt2\evqb.exe %WINDIR%\rwlfsdmk.dll rwlfsdmk
- %WINDIR%\explorer.exe
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\dfmlxbpkvlo.dll
- <SYSTEM32>\regsvr32.exe /s peltodgx.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\peltodgx.dll
- %WINDIR%\fbxrqtwn.exe
- %WINDIR%\onfwbsak.dll
- %WINDIR%\rwlfsdmk.dll
- %TEMP%\nsy3.tmp\System.dll
- %TEMP%\nsc4.tmp.bat
- %WINDIR%\evqb.exe
- %WINDIR%\dfmlxbpkvlo.dll
- %TEMP%\ac8zt2\onfwbsak.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\dfmlxbpkvlo.dll
- %TEMP%\nst2.tmp
- %TEMP%\nsy3.tmp\blowfish_d.dll
- %TEMP%\ac8zt2\evqb.exe
- %TEMP%\ac8zt2\peltodgx.dll
- %TEMP%\ac8zt2\fbxrqtwn.exe
- %TEMP%\ac8zt2\rwlfsdmk.dll
- %TEMP%\ac8zt2\rwlfsdmk.dll
- %TEMP%\ac8zt2\peltodgx.dll
- %TEMP%\nsy3.tmp\System.dll
- %TEMP%\nsy3.tmp\blowfish_d.dll
- %TEMP%\ac8zt2\onfwbsak.dll
- %TEMP%\ac8zt2\evqb.exe
- %TEMP%\ac8zt2\dfmlxbpkvlo.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\fbxrqtwn.exe
- ClassName: 'BaseBar' WindowName: 'ChanApp'
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''