Техническая информация
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\n3fpmgi4.0.cs
- %TEMP%\n3fpmgi4.cmdline
- %TEMP%\n3fpmgi4.out
- %TEMP%\csc452.tmp
- %TEMP%\res463.tmp
- %TEMP%\n3fpmgi4.dll
- %TEMP%\sapha-machine-admins-job-20200827-133704.log
- %TEMP%\res463.tmp
- %TEMP%\csc452.tmp
- %TEMP%\n3fpmgi4.0.cs
- %TEMP%\n3fpmgi4.cmdline
- %TEMP%\n3fpmgi4.dll
- %TEMP%\n3fpmgi4.pdb
- %TEMP%\n3fpmgi4.out
- http://pk#.#evecek.com/CA/Sevecek%20Enterprise%20Root%20CA(1).crt
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK pk#.#evecek.com
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\n3fpmgi4.cmdline"' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES463.tmp" "%TEMP%\CSC452.tmp"' (со скрытым окном)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\n3fpmgi4.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES463.tmp" "%TEMP%\CSC452.tmp"