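Техническая информация
Судя по повторяющимся путям, заголовки подразделов в этой копии отчёта, по-видимому, не сохранились: одни и те же файлы перечислены несколько раз, вероятно, как элементы разных подразделов.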
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'rgservs' = '%TEMP%\rgservs.exe' (параметр автозапуска: указанный файл запускается при каждом входе пользователя в систему)
- %HOMEPATH%\Desktop\RAR-Password-Recovery-Magic.exe
- %TEMP%\is-LKIEN.tmp\is-CR06J.tmp /SL4 $200EA "%HOMEPATH%\Desktop\RAR-Password-Recovery-Magic.exe" 1556188 52224
- %TEMP%\rgservs.exe
- %APPDATA%\Appdata.exe
- %APPDATA%\Reg.exe
- %APPDATA%\win32.exe
- %TEMP%\is-LKIEN.tmp\is-CR06J.tmp
- %TEMP%\rgservs.exe
- %TEMP%\is-HP20S.tmp\_isetup\_shfoldr.dll
- %HOMEPATH%\Desktop\RAR-Password-Recovery-Magic.exe
- %APPDATA%\Appdata.exe
- %APPDATA%\Reg.exe
- %APPDATA%\win32.exe
- %TEMP%\rgservs.exe
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)