Technical Information
- [<HKLM>\Software\Classes\WinRAR\shell\open\command] '' = '"%ProgramFiles%\WinRAR\WinRAR.exe" "%1"'
- [<HKLM>\Software\Classes\WinRAR.ZIP\shell\open\command] '' = '"%ProgramFiles%\WinRAR\WinRAR.exe" "%1"'
- [<HKLM>\Software\Classes\WinRAR.REV\shell\open\command] '' = '"%ProgramFiles%\WinRAR\WinRAR.exe" "%1"'
- '<SYSTEM32>\taskkill.exe' /F /IM WinRAR.exe
- '<SYSTEM32>\taskkill.exe' /IM WinRAR.exe /F
- %TEMP%\ff08.tmp\ff09.bat
- %APPDATA%\winrar\themes\delato_32x32\sortup.bmp
- %APPDATA%\winrar\themes\delato_32x32\sortdown.bmp
- %APPDATA%\winrar\themes\delato_32x32\sfxlogo.bmp
- %APPDATA%\winrar\themes\delato_32x32\sfx.ico
- %APPDATA%\winrar\themes\delato_32x32\setup.ico
- %APPDATA%\winrar\themes\delato_32x32\rev.ico
- %APPDATA%\winrar\themes\delato_32x32\rarsmall.bmp
- %APPDATA%\winrar\themes\delato_32x32\rar.ico
- %APPDATA%\winrar\themes\delato_32x32\tray.ico
- %APPDATA%\winrar\themes\delato_32x32\passwordon.ico
- %APPDATA%\winrar\themes\delato_32x32\folderup.bmp
- %APPDATA%\winrar\themes\delato_32x32\file.ico
- %APPDATA%\winrar\themes\delato_32x32\estimate.bmp
- %APPDATA%\winrar\themes\delato_32x32\dragcopy.cur
- %APPDATA%\winrar\themes\delato_32x32\diskon.ico
- %APPDATA%\winrar\themes\delato_32x32\diskoff.ico
- %APPDATA%\winrar\themes\delato_32x32\aboutlogo.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\wizardlogo.bmp
- %APPDATA%\winrar\themes\delato_32x32\passwordoff.ico
- %APPDATA%\winrar\themes\delato_32x32\toolbar\info.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\wizard.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\add.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\virusscan.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\view.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\test.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\sfx.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\report.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\repair.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\protect.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\print.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\winrar_theme_description.txt
- %APPDATA%\winrar\themes\delato_32x32\toolbar\lock.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\find.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\extractto.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\extract.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\exit.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\delete.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\convert.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\comment.bmp
- %APPDATA%\winrar\themes\delato_32x32\toolbar\benchmark.bmp
- %APPDATA%\winrar\themes\delato_32x32\winrar_theme_description.txt
- %APPDATA%\winrar\themes\delato_32x32\wizardlogo.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\tray.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sortdown.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\setup.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\rev.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\rarsmall.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\rar.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\passwordon.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\passwordoff.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\folderup.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\file.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sfx.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\estimate.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\diskon.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\diskoff.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\aboutlogo.bmp
- %TEMP%\ff08.tmp\crack\rarreg.key
- %TEMP%\ff08.tmp\winrar-x64-571.exe
- %TEMP%\ff08.tmp\themeregxp.reg
- %TEMP%\ff08.tmp\themereg.reg
- %TEMP%\ff08.tmp\wrar571.exe
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\dragcopy.cur
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\find.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\virusscan.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sortup.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\view.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\test.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\sfx.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\report.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\repair.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\protect.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\print.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\lock.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\wizard.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\info.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\extractto.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\extract.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\exit.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\delete.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\convert.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\comment.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\benchmark.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\add.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sfxlogo.bmp
- %ProgramFiles%\winrar\rarreg.key
- %TEMP%\ff08.tmp\wrar571.exe
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\delete.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\exit.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\extract.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\extractto.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\find.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\info.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\lock.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\print.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\folderup.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\protect.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\report.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\sfx.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\test.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\view.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\virusscan.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\wizard.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\tray.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\winrar_theme_description.txt
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\comment.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\convert.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\benchmark.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\add.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sortup.bmp
- %TEMP%\ff08.tmp\themeregxp.reg
- %TEMP%\ff08.tmp\winrar-x64-571.exe
- %TEMP%\ff08.tmp\crack\rarreg.key
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\aboutlogo.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\diskoff.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\diskon.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\dragcopy.cur
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\estimate.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\wizardlogo.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\toolbar\repair.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\file.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\passwordon.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\rar.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\rarsmall.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\rev.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\setup.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sfx.ico
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sfxlogo.bmp
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\sortdown.bmp
- %TEMP%\ff08.tmp\themereg.reg
- %TEMP%\ff08.tmp\xxx\themes\delato_32x32\passwordoff.ico
- %TEMP%\ff08.tmp\ff09.bat
- %ProgramFiles%\WinRAR\RarExt.dll
- %ProgramFiles%\WinRAR\RarExt32.dll
- %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
- %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
- %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk
- %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk
- %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
- %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
- %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk
- %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%TEMP%\ff08.tmp\winrar-x64-571.exe' /S
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\FF08.tmp\FF09.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\FF08.tmp\FF09.bat <Full path to file>"
- '%ProgramFiles%\winrar\uninstall.exe' /setup
- '<SYSTEM32>\xcopy.exe' /s /e /i /y /h /r /k "xxx" "%APPDATA%\WinRAR"
- '%WINDIR%\regedit.exe' /s ThemeREG.reg
- '<SYSTEM32>\xcopy.exe' /s /e /i /y /h /r /k "crack" "%ProgramFiles%\WinRAR"