Техническая информация
Параметры автозапуска в реестре (обеспечивают запуск при входе пользователя в систему):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'runrc' = '<SYSTEM32>\rundll32.exe %WINDIR%\trm.dll,RunMain'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'win32l' = '%APPDATA%\load32.exe'
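Командные строки запускаемых процессов (shimgvw.dll открывает C:\image.jpg в стандартном средстве просмотра изображений; вызовы reg.exe записывают перечисленные выше параметры автозапуска):
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen C:\image.jpg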
- <SYSTEM32>\reg.exe add HKLM\software\microsoft\windows\currentversion\run /v runrc /d "<SYSTEM32>\rundll32.exe %WINDIR%\trm.dll,RunMain" /f
- <SYSTEM32>\reg.exe add HKLM\software\microsoft\windows\currentversion\run /v win32l /d "%APPDATA%\load32.exe" /f
Затрагиваемые файлы (тип операции — создание, изменение или удаление — в этом списке не указан):
- %WINDIR%\wsock.p2
- %WINDIR%\trm.dll
- %WINDIR%\trdl.dll
- %WINDIR%\wsock.p1
- %WINDIR%\wsock32
- %HOMEPATH%\Recent\image.lnk
- %HOMEPATH%\Recent\Local Disk (C).lnk
- %WINDIR%\wsock32.dll
- C:\image.jpg
- %WINDIR%\rcx.ini
- %WINDIR%\rcx.dat
- %APPDATA%\rcx.dat
- %APPDATA%\rcx.ini
- <SYSTEM32>\w32ss.dll
- %WINDIR%\trdl.p2
- %WINDIR%\trdl
- <SYSTEM32>\l32nn.dll
- %WINDIR%\trdl.p1
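Классы окон (что именно образец делает с этими окнами, здесь не указано; Shell_TrayWnd — класс окна панели задач, ShImgVw:CPreviewWnd, по-видимому, относится к окну просмотра изображений):
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''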
- ClassName: 'Shell_TrayWnd' WindowName: ''