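Техническая информация

Примечание: ниже перечислены пути к файлам, параметры поиска окна и командные строки запускаемых процессов. Подзаголовки списков в этой копии страницы не сохранились; повторяющиеся пути, по-видимому, относятся к разным спискам (например, к созданным и затем удалённым файлам). Для обнаружения показательны два признака: defender.exe находится в пользовательском каталоге %APPDATA%, а не в системном каталоге установки, а csc.exe и cvtres.exe вызываются с файлами из %TEMP%.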
- %TEMP%\RES2.tmp
- %APPDATA%\Microsoft\Windows Defender\CSC1.tmp
- %TEMP%\udd43oef.out
- %TEMP%\3A123.dmp
- %TEMP%\dw.log
- %APPDATA%\Microsoft\Windows Defender\defender.exe
- %ProgramFiles%\Games\vid.sfx.exe
- %ProgramFiles%\Games\client1.exe
- %ProgramFiles%\Games\hacked.bat
- %TEMP%\udd43oef.cmdline
- %TEMP%\udd43oef.0.cs
- C:\program\vid.exe
- %APPDATA%\Microsoft\Windows Defender\defender.exe
- %TEMP%\udd43oef.out
- %TEMP%\udd43oef.cmdline
- %TEMP%\udd43oef.0.cs
- %TEMP%\RES2.tmp
- %APPDATA%\Microsoft\Windows Defender\CSC1.tmp
- ClassName: 'EDIT' WindowName: ''
- 'C:\program\vid.exe'
- '%ProgramFiles%\Games\vid.sfx.exe' -p123 -d%ProgramFiles%\games
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%APPDATA%\Microsoft\Windows Defender\CSC1.tmp"
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 432
- '<SYSTEM32>\cmd.exe' /c ""%ProgramFiles%\Games\hacked.bat" "
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\udd43oef.cmdline"