Техническая информация
- <SYSTEM32>\cmd.exe
- %TEMP%\x1aoycpj.0.cs
- %TEMP%\x1aoycpj.cmdline
- %TEMP%\x1aoycpj.out
- %TEMP%\csc7cbccc4334aa4fd2bcc88ebf4260cd2e.tmp
- %TEMP%\resb5e9.tmp
- %TEMP%\x1aoycpj.dll
- %TEMP%\resb5e9.tmp
- %TEMP%\csc7cbccc4334aa4fd2bcc88ebf4260cd2e.tmp
- %TEMP%\x1aoycpj.0.cs
- %TEMP%\x1aoycpj.dll
- %TEMP%\x1aoycpj.out
- %TEMP%\x1aoycpj.cmdline
- '10#.#60.68.185':443
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\x1aoycpj.cmdline"' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB5E9.tmp" "%TEMP%\CSC7CBCCC4334AA4FD2BCC88EBF4260CD2E.TMP"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' ' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\x1aoycpj.cmdline"
- '%WINDIR%\microsoft.net\framework64\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESB5E9.tmp" "%TEMP%\CSC7CBCCC4334AA4FD2BCC88EBF4260CD2E.TMP"
- '<SYSTEM32>\cmd.exe'