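Техническая информация
Подзаголовки разделов в этой копии, по-видимому, утрачены. Судя по содержимому, ниже по порядку идут: записи реестра (пакет уведомлений Winlogon «RWLN» и служба RManService со значением 'Start' = 2, то есть автоматический запуск), командные строки процессов, пути к файлам и классы окон. Повторяющиеся пути к файлам, вероятно, относятся к разным категориям файловых операций, которые здесь не обозначены.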
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RWLN] 'Startup' = 'WLEventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RWLN] 'Logon' = 'WLEventLogon'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RWLN] 'DllName' = 'RWLN.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\RManService] 'Start' = '00000002'
- 'C:\Temp\rutserv.exe' /silentinstall
- 'C:\Temp\DSC07859.exe' -prgdfg5g5ye5ygv5465756g5yg5645g54g45g54g56yg6rtfyg5thb56tyhb56tfyhb6tyhb56thbrtu35eur475634u46rthb45u834u7y4h5rfh45dru34574uhb
- C:\Temp\rutserv.exe
- %TEMP%\1.lnk
- C:\Temp\DSC07859.exe
- %TEMP%\1.lnk
- C:\Temp\DSC07859.exe
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''