Техническая информация
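Значения, записанные в ключ ShellServiceObjectDelayLoad (точка автозапуска: перечисленные здесь CLSID загружаются оболочкой Windows, explorer.exe, при её запуске):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'ampkfst' = '{6CBD03A2-3A04-4E97-90EA-D2A20D343AAB}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'bklgvsf' = '{89A8A321-0CA7-443F-9698-DA4E3706F925}'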
Командные строки процессов (ключ /s у regsvr32 подавляет диалоговые окна при регистрации DLL):
- '%TEMP%\ac8zt2\foxflpd.exe' reg
- '%TEMP%\ac8zt2\etkl.exe' redkw
- '%TEMP%\ac8zt2\etkl.exe' %WINDIR%\bklgvsf.dll bklgvsf
- '%TEMP%\ac8zt2\etkl.exe' %WINDIR%\ampkfst.dll ampkfst
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\regsvr32.exe' /s %WINDIR%\dxpvqlmqng.dll
- '<SYSTEM32>\regsvr32.exe' /s ensfolr.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\foxflpd.exe
- %WINDIR%\dxpvqlmqng.dll
- %TEMP%\ac8zt2\install.bat
- %WINDIR%\ensfolr.dll
- %TEMP%\nsj4.tmp.bat
- %WINDIR%\ampkfst.dll
- %WINDIR%\bklgvsf.dll
- %TEMP%\ac8zt2\etkl.exe
- %TEMP%\ac8zt2\dxpvqlmqng.dll
- %TEMP%\nsh2.tmp
- %TEMP%\ac8zt2\bklgvsf.dll
- %TEMP%\ac8zt2\ensfolr.dll
- %TEMP%\ac8zt2\ampkfst.dll
- %TEMP%\ac8zt2\foxflpd.exe
- %TEMP%\ac8zt2\etkl.exe
- %TEMP%\ac8zt2\foxflpd.exe
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\ensfolr.dll
- %TEMP%\ac8zt2\ampkfst.dll
- %TEMP%\ac8zt2\bklgvsf.dll
- %TEMP%\ac8zt2\dxpvqlmqng.dll
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'