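Техническая информация
Примечание: подзаголовки разделов в этом списке не сохранились. Судя по виду записей: строки с ключом ShellServiceObjectDelayLoad — значения реестра, через которые оболочка Windows (Explorer) загружает указанные COM-объекты при запуске, то есть автозапуск; строки с путём в кавычках и аргументами — командные строки запущенных процессов; остальные пути — затронутые файлы (повторы одного и того же пути, вероятно, относятся к разным операциям, но по этому тексту их не различить); последняя строка — класс окна.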
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'hstsys' = '{E8BB379B-3793-45FF-AE43-52C6B1F23914}'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'hostctrl' = '{2A59A83D-92BF-4398-B8B4-37B6E2098CB5}'
- '%TEMP%\ac8zt2\nmcuninstall.exe' reg
- '%TEMP%\ac8zt2\edi.exe' rerkn
- '%TEMP%\ac8zt2\edi.exe' %WINDIR%\hostctrl.dll hostctrl
- '%TEMP%\ac8zt2\edi.exe' %WINDIR%\hstsys.dll hstsys
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\regsvr32.exe' /s optnet.dll
- '<SYSTEM32>\regsvr32.exe' /s %WINDIR%\ntspklqs.dll
- %WINDIR%\Explorer.EXE
- %WINDIR%\hostctrl.dll
- %WINDIR%\optnet.dll
- %WINDIR%\ntspklqs.dll
- %WINDIR%\hstsys.dll
- %TEMP%\nsw4.tmp.bat
- %TEMP%\nsa3.tmp\System.dll
- %WINDIR%\nmcuninstall.exe
- %TEMP%\ac8zt2\nmcuninstall.exe
- %TEMP%\ac8zt2\hstsys.dll
- %TEMP%\ac8zt2\hostctrl.dll
- %TEMP%\nsg2.tmp
- %TEMP%\ac8zt2\ntspklqs.dll
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\edi.exe
- %TEMP%\ac8zt2\optnet.dll
- %TEMP%\ac8zt2\ntspklqs.dll
- %TEMP%\ac8zt2\nmcuninstall.exe
- %TEMP%\nsa3.tmp\System.dll
- %TEMP%\ac8zt2\optnet.dll
- %TEMP%\ac8zt2\hostctrl.dll
- %TEMP%\ac8zt2\edi.exe
- %TEMP%\ac8zt2\install.bat
- %TEMP%\ac8zt2\hstsys.dll
- ClassName: 'Proxy Desktop' WindowName: '(null)'