Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\msvchost.url
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\hnzecoil.cmdline"
- %TEMP%\hnzecoil.dll
- %TEMP%\RES2.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- %APPDATA%\FlashPlayer\msvchost.exe
- %TEMP%\hnzecoil.cmdline
- %TEMP%\hnzecoil.0.cs
- %TEMP%\CSC1.tmp
- %TEMP%\hnzecoil.out
- %TEMP%\hnzecoil.out
- %TEMP%\hnzecoil.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- %TEMP%\hnzecoil.cmdline
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\hnzecoil.0.cs
- '37.##.125.145':80
- 37.##.125.145/eeph3opi4ia3Mie/X123/bot.php