Technical Information
- '<Current directory>\resonance\rkill.exe' -w <Current directory>\resonance\rkill_wl.txt
- iexplore.exe
- safari.exe
- chrome.exe
- firefox.exe
- %TEMP%\_MEI28162\select.pyd
- %TEMP%\_MEI28162\unicodedata.pyd
- %TEMP%\_MEI28162\msvcr90.dll
- %TEMP%\_MEI28162\python27.dll
- <Current directory>\resonance\rkill.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217
- <Current directory>\resonance\rkill_wl.txt
- %HOMEPATH%\Desktop\Rkill.txt
- %TEMP%\_MEI28162\_hashlib.pyd
- %TEMP%\_MEI28162\_socket.pyd
- %TEMP%\_MEI28162\Microsoft.VC90.CRT.manifest
- %TEMP%\_MEI28162\_ctypes.pyd
- %TEMP%\_MEI28162\_ssl.pyd
- %TEMP%\_MEI28162\msvcm90.dll
- %TEMP%\_MEI28162\msvcp90.dll
- %TEMP%\_MEI28162\bz2.pyd
- %TEMP%\_MEI28162\main.exe.manifest
- '20#.#6.232.182':80
- 'wp#d':80
- http://crl.microsoft.com/pki/crl/products/WindowsPCA.crl via 20#.#6.232.182
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK crl.microsoft.com
- DNS ASK wp#d