Техническая информация
- '%HOMEPATH%\Templates\asem.exe'
- '%HOMEPATH%\Templates\hekal.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3.tmp" "%TEMP%\CSC2.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\3wccjji3.cmdline"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\hekal.bat""
- %TEMP%\CSC2.tmp
- %TEMP%\3wccjji3.out
- %TEMP%\3wccjji3.dll
- %TEMP%\RES3.tmp
- %TEMP%\3wccjji3.cmdline
- %HOMEPATH%\Templates\asem.exe
- %HOMEPATH%\Templates\hekal.exe
- %TEMP%\3wccjji3.0.cs
- %TEMP%\1.tmp\hekal.bat
- %TEMP%\3wccjji3.dll
- %TEMP%\3wccjji3.cmdline
- %TEMP%\3wccjji3.0.cs
- %TEMP%\RES3.tmp
- %TEMP%\CSC2.tmp
- %TEMP%\3wccjji3.out
- 'sa######vice.red-gate.com':80
- 'ma#####o.meximas.com':80
- 'wp#d':80
- ma#####o.meximas.com/c2c5.txt
- wp#d/wpad.dat
- DNS ASK sa######vice.red-gate.com
- DNS ASK ma#####o.meximas.com
- DNS ASK wp#d