Техническая информация
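- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\8dikXg48m6aI611r\N2GmL21yw2hH.exe",explorer.exe' (значение Shell в ветке Winlogon изменено для автозапуска: указанный файл стартует при входе пользователя в систему вместе с explorer.exe; ключ находится в HKCU, поэтому запись действует для текущей учётной записи)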
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %TEMP%\rarsfx0\checkupdate.exe
- %TEMP%\rarsfx0\setp.exe
- %APPDATA%\8dikxg48m6ai611r\n2gml21yw2hh.exe
- %TEMP%\is-chpmf.tmp\setp.tmp
- %APPDATA%\8dikxg48m6ai611r\n2gml21yw2hh.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\checkupdate.exe'
- '%TEMP%\rarsfx0\setp.exe'
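- '%TEMP%\is-chpmf.tmp\setp.tmp' /SL5="$201B2,2365639,57856,%TEMP%\RarSFX0\setp.exe" (каталог is-*.tmp и параметр /SL5 характерны для установщика Inno Setup: setp.exe запускает собственную временную копию setp.tmp)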
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'