Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ROMwlnotify] 'Startup' = 'WLEventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ROMwlnotify] 'Logon' = 'WLEventLogon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ROMwlnotify] 'DllName' = 'ROMwln.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\ROMService] 'Start' = '00000002'
- 'C:\romserver\ROMServer.exe' /firewall
- 'C:\romserver\ROMServer.exe' /silentinstall
- '%WINDIR%\regedit.exe' /s \romserver\setings.reg
- C:\romserver\ROMwln.dll
- <SYSTEM32>\ROMwln.dll
- %TEMP%\tmp7.ico
- %TEMP%\tmp6.ico
- C:\romserver\ROMServer.exe
- %TEMP%\tmp9.ico
- C:\romserver\poster7.jpg
- C:\romserver\setings.reg
- %TEMP%\tmp8.ico
- C:\romserver\AledensoftSoundLib.dll
- %TEMP%\tmp3.ico
- %TEMP%\tmp2.ico
- %TEMP%\tmp1.ico
- C:\romserver\AledensoftIpcServer.dll
- %TEMP%\tmp5.ico
- C:\romserver\ROMFUSClient.exe
- C:\romserver\HookDrv.dll
- C:\romserver\English.lg
- %TEMP%\tmp4.ico
- %TEMP%\tmp7.ico
- %TEMP%\tmp6.ico
- %TEMP%\tmp9.ico
- %TEMP%\tmp8.ico
- %TEMP%\tmp5.ico
- %TEMP%\tmp2.ico
- %TEMP%\tmp1.ico
- %TEMP%\tmp4.ico
- %TEMP%\tmp3.ico
- ClassName: 'RegEdit_RegEdit' WindowName: '(null)'