Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'KIRManager.exe' = '%PROGRAM_FILES%(86)\Kingdee\KIS\Retail\Common\KIRManager.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'KIRManager.exe' = '%PROGRAM_FILES%\Kingdee\KIS\Retail\Common\KIRManager.exe'
- '<SYSTEM32>\mshta.exe' javascript:window.alert("╣з╧▓─·│╔╣ж╫в▓сKIS╕▀╝╢╔╠├│░ц╙├╗з,╟ы╝ь▓щ╩╟╖ё▓х╚ы╝╙├▄╣╖!╬▐╝╙├▄╣╖╫┤╠м╚э╝■╬к╩╘╙├░цгм╦ў╚б╝╙├▄╣╖╟ы┴к╧╡ 13728822556");window.close()
- '%WINDIR%\regedit.exe' /s x.reg
- '<SYSTEM32>\taskkill.exe' /f /im KICManager.exe
- %TEMP%\aut3.tmp
- %TEMP%\LS\商贸零售4.1注册.CMD
- %TEMP%\LS\x.reg
- %TEMP%\LS\KIRManager.exe
- %TEMP%\aut1.tmp
- %TEMP%\LS\KDLicense.Dat
- %TEMP%\aut2.tmp
- %TEMP%\LS\x.reg
- <DRIVERS>\etc\hosts
- %TEMP%\aut3.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '' WindowName: ''