Technical Information
- '%TEMP%\start.exe'
- '%TEMP%\CL_Debug_Log.txt' e -p"jDWQJkdqkwdqo2m@mdwmsxPAS,sq%" CR_Debug_Log.txt
- '%TEMP%\setup.exe' -p12345
- '%TEMP%\install.exe'
- '<SYSTEM32>\cmd.exe' /c start.bat
- '<SYSTEM32>\schtasks.exe' /Create /XML "SystemCheck.xml" /TN "System\SystemCheck"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\autorun.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\update.bat" "
- %APPDATA%\Uninstall.exe
- %APPDATA%\Uninstall.ini
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\aut1.tmp
- %TEMP%\install.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- '19#.#24.119.142':26123
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d
- ClassName: 'EDIT' WindowName: ''