Техническая информация
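- Записи в ключе ShellServiceObjectDelayLoad служат для автозапуска: перечисленные в нём COM-объекты (CLSID) загружаются процессом explorer.exe при старте оболочки. Имена значений совпадают с именами библиотек %WINDIR%\kvxqmtre.dll и %WINDIR%\evgratsm.dll из списка ниже; по-видимому, указанные CLSID соответствуют именно этим файлам (по данному списку это не подтверждается напрямую).
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'kvxqmtre' = '{D2C66645-FF1E-4B60-AD69-59E7F8CF2BED}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'evgratsm' = '{067C4A18-B357-485D-A62E-DE51C0467FCB}'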
- '%TEMP%\ac8zt2\agpqlrfm.exe' reg
- '%TEMP%\ac8zt2\eepo.exe' relxn
- '%TEMP%\ac8zt2\eepo.exe' %WINDIR%\evgratsm.dll evgratsm
- '%TEMP%\ac8zt2\eepo.exe' %WINDIR%\kvxqmtre.dll kvxqmtre
- '%WINDIR%\explorer.exe'
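- Ключ /s в вызовах regsvr32.exe ниже означает регистрацию библиотеки без вывода диалоговых окон, то есть незаметно для пользователя.
- '<SYSTEM32>\regsvr32.exe' /s qndsfmao.dll
- '<SYSTEM32>\regsvr32.exe' /s %WINDIR%\kgxmotapexd.dll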
- %WINDIR%\Explorer.EXE
- %WINDIR%\kgxmotapexd.dll
- %WINDIR%\evgratsm.dll
- %WINDIR%\qndsfmao.dll
- %WINDIR%\agpqlrfm.exe
- %TEMP%\nsz3.tmp\System.dll
- %TEMP%\nsr4.tmp.bat
- %WINDIR%\kvxqmtre.dll
- %WINDIR%\eepo.exe
- %TEMP%\ac8zt2\qndsfmao.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\kvxqmtre.dll
- %TEMP%\nsj2.tmp
- %TEMP%\nsz3.tmp\blowfish.dll
- %TEMP%\ac8zt2\agpqlrfm.exe
- %TEMP%\ac8zt2\evgratsm.dll
- %TEMP%\ac8zt2\kgxmotapexd.dll
- %TEMP%\ac8zt2\eepo.exe
- %TEMP%\ac8zt2\qndsfmao.dll
- %TEMP%\ac8zt2\kvxqmtre.dll
- %TEMP%\nsz3.tmp\System.dll
- %TEMP%\nsz3.tmp\blowfish.dll
- %TEMP%\ac8zt2\kgxmotapexd.dll
- %TEMP%\ac8zt2\eepo.exe
- %TEMP%\ac8zt2\agpqlrfm.exe
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\evgratsm.dll
- ClassName: 'Proxy Desktop' WindowName: ''