Техническая информация
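- [<HKLM>\SOFTWARE\Classes\exefile\shell\open\command] '' = '<SYSTEM32>\RAVMOND.EXE "%1" %*' (подменён обработчик запуска .exe-файлов: при открытии любого исполняемого файла сначала запускается RAVMOND.EXE; стандартное значение этого параметра — '"%1" %*', и при лечении его нужно восстановить до удаления файла, иначе программы перестанут запускаться)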
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'regmon' = '<SYSTEM32>\RAVMOND.EXE'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'regmon' = '<SYSTEM32>\RAVMOND.EXE'
- <SYSTEM32>\RAVMOND.EXE /HuiFSetup
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\Deleteme.bat
- <SYSTEM32>\Deleteme.bat
- <SYSTEM32>\RAVMOND.EXE
- <SYSTEM32>\RAVMOND.EXE
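- ClassName: 'MS_WINHELP' WindowName: '' (класс и заголовок окна; заголовок раздела на странице не сохранился — по-видимому, это окна, которые образец ищет в системе)
- ClassName: 'Indicator' WindowName: ''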