Техническая информация
Файлы (пути в файловой системе):
- %TEMP%\config.bat
- %WINDIR%\Fonts\System\svchost.exe
- %WINDIR%\Fonts\svchost.exe
- %WINDIR%\Fonts\TimesAir.ttf
- %WINDIR%\Fonts\SystemF5X9.exe
- %TEMP%\1.tmp\1.vbs
- %TEMP%\1.tmp\ovinl.exe
- %TEMP%\1.tmp\m86.exe
- %TEMP%\1.tmp\m64.exe
- %TEMP%\1.tmp\inver.txt
- %TEMP%\1.tmp\486.exe
- %TEMP%\1.tmp\464.exe
- %TEMP%\1.tmp\386.exe
- <SYSTEM32>\service.exe
- %TEMP%\1.tmp\364.exe
- %TEMP%\1.tmp\264.exe
- %TEMP%\1.tmp\186.exe
- %TEMP%\1.tmp\164.exe
- %TEMP%\1.tmp\4.vbs
- %TEMP%\1.tmp\3.vbs
- %TEMP%\1.tmp\2.vbs
- %TEMP%\1.tmp\2.bat
- %TEMP%\me_core.dll
- %TEMP%\ME.exe
- %TEMP%\MacrosEffects.v1.9.beta.exe
- %TEMP%\param.vbs
- %TEMP%\ME_v1.9.exe
- %TEMP%\1.tmp\286.exe
- %WINDIR%\Fonts\taskmgr.exe
Окна (класс и заголовок):
- ClassName: 'EDIT' WindowName: ''
Командные строки процессов:
- '<SYSTEM32>\wscript.exe' "%TEMP%\param.vbs"
- '%TEMP%\ME_v1.9.exe' -pMamBAhUYAmba -d%HOMEPATH%\Local Settings\Temp
- '%TEMP%\MacrosEffects.v1.9.beta.exe'
- '%TEMP%\ME.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\config.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" %TEMP%\MacrosEffects.v1.9.beta.exe"
- '<SYSTEM32>\sc.exe' stop PcaSvc (остановка службы PcaSvc — «Служба помощника по совместимости программ»)
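- '<SYSTEM32>\schtasks.exe' /create /ru "SYSTEM" /sc onstart /tn "MicrosoftUpdate" /tr "%WINDIR%\Fonts\svchost.exe" /f (закрепление в системе: задача «MicrosoftUpdate» запускает %WINDIR%\Fonts\svchost.exe от имени SYSTEM при каждом старте системы; штатный svchost.exe находится в <SYSTEM32>, поэтому одноимённый файл в каталоге Fonts является признаком маскировки)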