Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'run32' = '<SYSTEM32>\rundl32.exe'
- %WINDIR%\Tasks\rcxsrv2408.job
- <SYSTEM32>\reg.exe add HKLM\software\microsoft\windows\currentversion\run /v run32 /d "<SYSTEM32>\rundl32.exe" /f
- <SYSTEM32>\schtasks.exe /create /ru system /sc minute /mo 3 /tn rcxsrv2408 /tr %WINDIR%\system\winlogon.exe
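- <SYSTEM32>\schtasks.exe /create /ru system /sc co_minutк /mo 3 /tn rcxsrv2408 /tr %WINDIR%\system\winlogon.exe (значение «co_minutк» приведено как в источнике; вероятно, это польское «co_minutę», в котором байт 0xEA отображён в кодировке CP1251, то есть локализованный вариант типа расписания minute; при поиске по журналам стоит учитывать оба написания)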
- <SYSTEM32>\rundl32.exe (имя отличается от штатного rundll32.exe одной буквой «l»)
- %WINDIR%\system\winlogon.exe (штатный winlogon.exe находится в <SYSTEM32>, а не в %WINDIR%\system)
- %WINDIR%\rcx7
- <SYSTEM32>\system32.dll
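- %PROGRAM_FILES%\Outlook Express\wsock32.dll
- %PROGRAM_FILES%\Messenger\wsock32.dll
- %PROGRAM_FILES%\Internet Explorer\wsock32.dll
  (штатная wsock32.dll находится в <SYSTEM32>; одноимённый файл в каталоге приложения следует рассматривать как признак подмены библиотеки и проверять отдельно)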
- <SYSTEM32>\rundl32.p2
- %WINDIR%\rcx.p1
- <SYSTEM32>\libeax.dll
- %WINDIR%\cpp7.ini
- %WINDIR%\rcx.p2
- <SYSTEM32>\rundl32.p1
- %WINDIR%\system\winlogon.p2
- %WINDIR%\system\winlogon.p1
- ClassName: 'Shell_TrayWnd' WindowName: ''