Техническая информация
- %TEMP%\eygtnym4.0.cs
- %TEMP%\eygtnym4.cmdline
- %TEMP%\eygtnym4.out
- %TEMP%\eygtnym4.pdb
- %TEMP%\CSC1.tmp
- %TEMP%\RES2.tmp
- %TEMP%\eygtnym4.dll
- %APPDATA%\yAzURRCgDCTX.exe
- %APPDATA%\SubDir\muttexxx
- %APPDATA%\Microsoft\Protect\CREDHIST
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\517D9D\DE2515.lck
- %APPDATA%\517D9D\DE2515.exe
- %TEMP%\RES2.tmp
- %TEMP%\CSC1.tmp
- %TEMP%\eygtnym4.0.cs
- %TEMP%\eygtnym4.pdb
- %TEMP%\eygtnym4.dll
- %TEMP%\eygtnym4.cmdline
- %TEMP%\eygtnym4.out
- %APPDATA%\517D9D\DE2515.lck
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\yAzURRCgDCTX.exe в %APPDATA%\517D9D\DE2515.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
- 'ac#.##asrglobal.com':80
- http://ac#.##asrglobal.com/ken/Panel/five/fre.php
- DNS ASK ac#.##asrglobal.com
- '%APPDATA%\yAzURRCgDCTX.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\eygtnym4.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\CSC1.tmp"