Техническая информация
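- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'IE' = '%PROGRAMDATA%\IExplore.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IE' = '%APPDATA%\IExplore.exe'
  (оба параметра 'IE' прописывают автозапуск; штатный iexplore.exe находится в %ProgramFiles%\Internet Explorer, поэтому одноимённый файл в %PROGRAMDATA% или %APPDATA% следует считать подозрительным)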
- %PROGRAMDATA%\iexplore.exe
- %APPDATA%\iexplore.exe
- %TEMP%\ysr6eq3j.0.cs
- %TEMP%\ysr6eq3j.cmdline
- %TEMP%\ysr6eq3j.out
- %TEMP%\csc511f.tmp
- %TEMP%\res5120.tmp
- %TEMP%\ysr6eq3j.dll
- %TEMP%\res5120.tmp
- %TEMP%\csc511f.tmp
- %TEMP%\ysr6eq3j.cmdline
- %TEMP%\ysr6eq3j.out
- %TEMP%\ysr6eq3j.dll
- %TEMP%\ysr6eq3j.0.cs
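- '20#.#91.230.85':443 (символы «#» в адресе, по-видимому, скрывают часть цифр в исходном отчёте; полный адрес на странице не приведён)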
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\ysr6eq3j.cmdline" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5120.tmp" "%TEMP%\CSC511F.tmp" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\ysr6eq3j.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5120.tmp" "%TEMP%\CSC511F.tmp"