Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '*LogMeInRescue_1744422203' = '"<LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_instantchat.exe" -runonce reboot'
- [<HKLM>\SYSTEM\ControlSet001\Services\LMIRescue_39c1eea3-1a03-42f0-bd59-1e9187fd8aa2] 'Start' = '00000002'
- '<LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_InstantChat_srv.exe' -service -sid 39c1eea3-1a03-42f0-bd59-1e9187fd8aa2
- '<LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_instantchat.exe'
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\rescue.log
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\rescue.ico
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\chatlog.dat
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\Preferred
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\f874b0c7-519b-4ff2-bc00-d7f8a37bb6ef
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\params.txt
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\rahook.dll
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_instantchat.exe
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\RescueWinRTLib.dll
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_InstantChat_srv.exe
- <LS_APPDATA>\LogMeIn Rescue Applet\LMIR0001.tmp\ra64app.exe
- 'se####.#ogmeinrescue.com':443
- 'se####.#ogmeinrescue.com':80
- se####.#ogmeinrescue.com/myrahost/list.aspx?we#######
- DNS ASK se####.#ogmeinrescue.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'