Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{5EED7086-B89D-4DE8-A860-D248EA782788}' = ''
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\cmd.exe /c <Текущая директория>\_deleteme.bat
- <SYSTEM32>\net1.exe stop KVSrvXP.EXE
- <SYSTEM32>\net.exe stop KVSrvXP.EXE
- <SYSTEM32>\net.exe stop sharedaccess
- <Текущая директория>\_deleteme.bat
- <SYSTEM32>\kbdyej.dll
- 'sm##.126.com':25
- DNS ASK sm##.126.com
- ClassName: 'TForm1' WindowName: ''
- ClassName: 'TfLockDownMain' WindowName: ''
- ClassName: 'ZAFrameWnd' WindowName: 'ZoneAlarm'
- ClassName: '' WindowName: '???????????? KV2004??????????'
- ClassName: 'RavMonClass' WindowName: 'RavMon.exe'
- ClassName: 'Tapplication' WindowName: '????????????????'