Техническая информация
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\msiexec.exe' /I "rms.host6.3ru_mod.msi" /qn
- '<SYSTEM32>\msiexec.exe' -Embedding 2715D9DC1253BA34C1D0C086714DA0F3
- '<SYSTEM32>\msiexec.exe' /x {54067864-C0E7-47DB-A0C1-D6C874CE6BD8} /qn REBOOT=ReallySuppress
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\FENIX.bat" "
- '<SYSTEM32>\msiexec.exe' /x {61FFA475-24D5-44FB-A51F-39B699E3D82C} /qn REBOOT=ReallySuppress
- '<SYSTEM32>\msiexec.exe' /V
- %TEMP%\Cab2.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- %WINDIR%\Installer\MSI8.tmp
- %TEMP%\Cab6.tmp
- %TEMP%\Cab4.tmp
- %WINDIR%\28122008.txt
- %TEMP%\1.tmp\rms.host6.3ru_mod.msi
- %TEMP%\1.tmp\FENIX.bat
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
- %WINDIR%\Installer\3c3af.msi
- %TEMP%\Cab6.tmp
- %TEMP%\Cab4.tmp
- %TEMP%\Cab2.tmp
- 'sv.##mcb.com':80
- 'www.download.windowsupdate.com':80
- 'wp#d':80
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- http://sv.##mcb.com/sv.crt
- http://11#.#11.111.1/wpad.dat via wp#d
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- DNS ASK sv.##mcb.com
- DNS ASK www.download.windowsupdate.com
- DNS ASK wp#d