Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'SAMAgent' = '<Текущая директория>\SAMAgent.exe'
- %TEMP%\a8cpsvrv.0.cs
- %TEMP%\a8cpsvrv.cmdline
- %TEMP%\a8cpsvrv.out
- %TEMP%\csc3f1e.tmp
- %TEMP%\res3f3e.tmp
- %TEMP%\a8cpsvrv.dll
- %PROGRAMDATA%\global symphony services\samagent\data\logs\traceb.log
- %TEMP%\res3f3e.tmp
- %TEMP%\csc3f1e.tmp
- %TEMP%\a8cpsvrv.dll
- %TEMP%\a8cpsvrv.cmdline
- %TEMP%\a8cpsvrv.0.cs
- %TEMP%\a8cpsvrv.out
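- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV (по структуре пути и параметра похоже на OCSP-запрос проверки статуса сертификата; сам по себе как сетевой индикатор малоинформативен — требует подтверждения)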
- DNS ASK oc##.#tartssl.com
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\a8cpsvrv.cmdline" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3F3E.tmp" "%TEMP%\CSC3F1E.tmp" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\a8cpsvrv.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3F3E.tmp" "%TEMP%\CSC3F1E.tmp"