Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rcpcrtdll] 'Logon' = 'Load'
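- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rcpcrtdll] 'DllName' = 'rcploader.dll' (подраздел в Winlogon\Notify — механизм автозапуска: winlogon.exe загружает указанную в 'DllName' библиотеку и при входе пользователя вызывает её функцию, заданную параметром 'Logon'; механизм действует в Windows 2000/XP/2003 и не поддерживается начиная с Windows Vista)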
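- <SYSTEM32>\svсhost.exe (в имени файла буква «с» — кириллическая, U+0441, а не латинская «c»: файл маскируется под системный svchost.exe, поэтому при поиске и в правилах обнаружения имя нужно сравнивать посимвольно, а не визуально)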
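- %WINDIR%\regedit.exe /S <SYSTEM32>\rcpcrt.log (ключ /S — импорт в реестр без диалоговых окон; судя по команде, rcpcrt.log — не журнал, а файл с данными реестра)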
- <SYSTEM32>\rcpcrt.log
- <SYSTEM32>\svсhost.exe
- <SYSTEM32>\rcploader.dll
- <SYSTEM32>\rcpcrt32.dll
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: '!__bot_pincher_class__!' WindowName: 'BOT_PINCHER_2'