Техническая информация
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\qc1jzgpy.0.cs
- %TEMP%\qc1jzgpy.cmdline
- %TEMP%\qc1jzgpy.out
- %TEMP%\cscc387.tmp
- %TEMP%\resc397.tmp
- %TEMP%\qc1jzgpy.dll
- C:\systeminfologs\senseomslistener.txt
- C:\systeminfologs\ifeo.txt
- C:\systeminfologs\sessionmanager.txt
- C:\systeminfologs\addremoveprograms.csv
- C:\systeminfologs\addremoveprogramswow64.csv
- %TEMP%\resc397.tmp
- %TEMP%\cscc387.tmp
- %TEMP%\qc1jzgpy.0.cs
- %TEMP%\qc1jzgpy.dll
- %TEMP%\qc1jzgpy.pdb
- %TEMP%\qc1jzgpy.cmdline
- %TEMP%\qc1jzgpy.out
- http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab
- DNS ASK microsoft.com
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\qc1jzgpy.cmdline" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC397.tmp" "%TEMP%\CSCC387.tmp" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\qc1jzgpy.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESC397.tmp" "%TEMP%\CSCC387.tmp"
- '<SYSTEM32>\netsh.exe' winhttp show proxy
- '<SYSTEM32>\logman.exe' SenseOms -ets