Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'rgservs' = '%TEMP%\rgservs.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %TEMP%\rgservs.exe
- %TEMP%\rgservs.exe
- from <Full path to file> to %TEMP%\tmpg781.tmp
- '%TEMP%\rgservs.exe'
- '%TEMP%\rgservs.exe' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'