Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rpga' = '%APPDATA%\RapidGet\rpgchk.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RapidGet' = '%APPDATA%\RapidGet\RPGManager.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\RPGSvcman] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %APPDATA%\RapidGet\RapidGet.exe /r
- <SYSTEM32>\cmd.exe /c <Текущая директория>\nsisintrgdl.bat
- <SYSTEM32>\regsvr32.exe /s "%APPDATA%\RapidGet\RPDMgr.dll"
- %APPDATA%\RapidGet\RPGSvcMan.exe
- %APPDATA%\RapidGet\RPGManager.exe
- %APPDATA%\RapidGet\RPGUnist.exe
- <Текущая директория>\nsisintrgdl.bat
- %APPDATA%\RapidGet\rpgchk.exe
- %TEMP%\Setuprpgset.exe
- %TEMP%\nsb2.tmp\nsisinstrg.dll
- %APPDATA%\RapidGet\RapidGet.exe
- %APPDATA%\RapidGet\RPDMgr.dll
- %APPDATA%\RapidGet\RapidGet.tlb
- %TEMP%\nsb2.tmp\nsisinstrg.dll
- 'ra###get.co.kr':80
- 'www.ke###arch.co.kr':80
- ra###get.co.kr/update_xml2.php?gu#####################################
- ra###get.co.kr/check_counter.php?pi###############################################
- www.ke###arch.co.kr/log/app_upt_inst_prog_log.php
- DNS ASK www.ra###get.co.kr
- DNS ASK ra###get.co.kr
- DNS ASK www.ke###arch.co.kr
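- ClassName: '' WindowName: 'RapidGet ???? ???' (символы «?», по-видимому, заменяют не-ASCII символы исходного заголовка окна, утраченные при перекодировке; при поиске окна не следует сопоставлять их буквально)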