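Техническая информация
Ниже перечислены артефакты поведения образца в том порядке, в каком они приведены в отчёте: командные строки запущенных процессов, затронутые пути в файловой системе, сетевые обращения и классы окон. Подзаголовки разделов в этом тексте, по-видимому, не сохранились. Символ «#» в адресах и именах узлов, по-видимому, маскирует часть значения, поэтому такие строки не годятся как точные индикаторы.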
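- '%TEMP%\nsz2.tmp\ns4.tmp' wmic product where name="文書編輯-公文製作系統" call uninstall (в исходном тексте имя продукта было в искажённой кодировке: "¤е®СЅsїи-¤Ѕ¤е»s§@ЁtІО" — по-видимому, Big5, прочитанный как Windows-1251)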
- '<SYSTEM32>\msiexec.exe' /V
- '%TEMP%\nsz2.tmp\ns3.tmp' taskkill /im "Comp.exe" /f
- '<SYSTEM32>\taskkill.exe' /im "Comp.exe" /f
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- <Текущая директория>\TempWmicBatchFile.bat
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
- <SYSTEM32>\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
- %TEMP%\nsz2.tmp\ns3.tmp
- %TEMP%\nsz2.tmp\nsExec.dll
- %TEMP%\nsz2.tmp\ns4.tmp
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\tmp6.tmp
- %TEMP%\tmp7.tmp
- %TEMP%\nsz2.tmp\ns3.tmp
- %TEMP%\tmp5.tmp
- '20#.#6.232.182':80
- 'wp#d':80
- http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl via 20#.#6.232.182
- http://crl.microsoft.com/pki/crl/products/CSPCA.crl via 20#.#6.232.182
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK crl.microsoft.com
- DNS ASK wp#d
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: ''