Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'fzg' = '%WINDIR%\Config\svhost32.exe'
- <SYSTEM32>\dllf.dll
- Handler for all processes: <SYSTEM32>\dllf.dll
- %WINDIR%\config\svhost32.exe
- <SYSTEM32>\dllf.dll
- ClassName: 'RavMonClass' WindowName: 'RavMon.exe'