Техническая информация
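- [<HKLM>\SYSTEM\ControlSet002\Services\ESudisk] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\ESudisk] 'Start' = '00000000' (в обоих наборах ControlSet значение 0 соответствует типу запуска SERVICE_BOOT_START: служба-драйвер загружается на этапе загрузки системы)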
- <SYSTEM32>\xkj.exe install -install cd -password xkjdf -reboot
- %WINDIR%\Temp\499034.exe 程序运行参数
- <SYSTEM32>\ping.exe 127.0.0.1 -n 3
- <SYSTEM32>\logonui.exe /status /shutdown
- <SYSTEM32>\reg.exe delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} /f
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\xkjdf.bat" "
- <SYSTEM32>\reg.exe delete HKEY_CLASSES_ROOT\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} /f
- <SYSTEM32>\xxkj.bat
- <SYSTEM32>\xkjdf.bat
- <DRIVERS>\Esudisk.sys
- <SYSTEM32>\xkj.exe
- %TEMP%\aut1.tmp
- %WINDIR%\Temp\499034.exe
- <SYSTEM32>\xkj.bat
- %TEMP%\aut1.tmp
- %WINDIR%\bootstat.dat в %WINDIR%\bootstat.bak
- ClassName: 'StatusWindowClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''