Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\startup.vbs
- %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe
- C:\users\public\avast.xml
- %TEMP%\gppuy05y.0.cs
- %TEMP%\gppuy05y.cmdline
- %TEMP%\gppuy05y.out
- %TEMP%\csc51d62c24a35040a38d452fa6135aba59.tmp
- %TEMP%\res72af.tmp
- %TEMP%\gppuy05y.dll
- %TEMP%\res72af.tmp
- %TEMP%\csc51d62c24a35040a38d452fa6135aba59.tmp
- %TEMP%\gppuy05y.dll
- %TEMP%\gppuy05y.pdb
- %TEMP%\gppuy05y.cmdline
- %TEMP%\gppuy05y.0.cs
- %TEMP%\gppuy05y.out
- 'ex#####exe2021.ddns.net':5892
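- 'microsoft.com':80 (легитимный домен; вероятно, проверка доступности сети — сам по себе не является индикатором компрометации)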
- 'ex#####exe2021.ddns.net':5892
- DNS ASK ex#####exe2021.ddns.net
- DNS ASK microsoft.com
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\gppuy05y.cmdline" (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES72AF.tmp" "%TEMP%\CSC51D62C24A35040A38D452FA6135ABA59.TMP" (со скрытым окном)
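- '%WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe' C:\Users\Public\Avast.xml (запуск MSBuild с файлом проекта из общедоступного каталога; последующие вызовы csc.exe и cvtres.exe, по-видимому, соответствуют компиляции кода, встроенного в этот проект, — ср. MITRE ATT&CK T1127.001)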
- '%WINDIR%\microsoft.net\framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\gppuy05y.cmdline"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES72AF.tmp" "%TEMP%\CSC51D62C24A35040A38D452FA6135ABA59.TMP"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe'