Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ocgrep' = '{A0F466B5-5D90-4D6D-8AD9-756D2CD7FCE7}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'bxsbang' = '{69371578-4A77-4124-93CB-C01216CB6A7F}'
- %TEMP%\ac8zt2\kthemup.exe reg
- %TEMP%\ac8zt2\efsw.exe reslr
- %TEMP%\ac8zt2\efsw.exe %WINDIR%\bxsbang.dll bxsbang
- %TEMP%\ac8zt2\efsw.exe %WINDIR%\ocgrep.dll ocgrep
- %WINDIR%\explorer.exe
- <SYSTEM32>\regsvr32.exe /s nssfrch.dll
- <SYSTEM32>\regsvr32.exe /s %WINDIR%\movctrlflm.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\bxsbang.dll
- %WINDIR%\movctrlflm.dll
- %WINDIR%\kthemup.exe
- %TEMP%\nsf4.tmp.bat
- %TEMP%\nsj3.tmp\System.dll
- %TEMP%\ac8zt2\movctrlflm.dll
- %TEMP%\ac8zt2\kthemup.exe
- %TEMP%\nsv2.tmp
- %TEMP%\ac8zt2\bxsbang.dll
- %TEMP%\ac8zt2\efsw.exe
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\kthemup.exe
- %TEMP%\ac8zt2\movctrlflm.dll
- %TEMP%\nsj3.tmp\System.dll
- %TEMP%\ac8zt2\bxsbang.dll
- %TEMP%\ac8zt2\efsw.exe
- %TEMP%\ac8zt2\install.bat
- ClassName: 'Proxy Desktop' WindowName: ''