Техническая информация
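- [<HKLM>\SYSTEM\ControlSet001\Services\WmiPrvSE] 'ImagePath' = '"%WINDIR%\wmi\srvany.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\WmiPrvSE] 'Start' = '00000002'
  (Значение 'Start' = 2 означает автоматический запуск службы при загрузке системы. Имя службы совпадает с именем штатного процесса WMI Provider Host, однако штатный WmiPrvSE.exe расположен в %WINDIR%\System32\wbem\, а не в %WINDIR%\wmi\.)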
- %WINDIR%\wmi\msvcr120.dll
- %WINDIR%\wmi\OpenCL.dll
- %WINDIR%\wmi\Qt5Core.dll
- %WINDIR%\wmi\cudart64_75.dll
- %WINDIR%\wmi\libeay32.dll
- %WINDIR%\wmi\msvcp120.dll
- %WINDIR%\wmi\Qt5Gui.dll
- %WINDIR%\wmi\Run.exe
- %WINDIR%\wmi\Settings.exe
- %WINDIR%\wmi\service.reg
- %WINDIR%\wmi\Qt5Network.dll
- %WINDIR%\wmi\Qt5WebSockets.dll
- %WINDIR%\wmi\Qt5Widgets.dll
- %TEMP%\$inst\0001.tmp
- C:\ProgramData\Windows\1234.bat
- %ProgramFiles%\Microsoft\wmiprvse\Uninstall.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- C:\ProgramData\Windows\wmi.exe
- %ProgramFiles%\Microsoft\wmiprvse\Uninstall.ini
- %WINDIR%\wmi\WmiPrvSE.exe
- %WINDIR%\wmi\platforms\qwindows.dll
- %WINDIR%\wmi\1.vbs
- %WINDIR%\wmi\srvany.exe
- %WINDIR%\wmi\ssleay32.dll
- %WINDIR%\wmi\vccorlib120.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'EDIT' WindowName: ''
- 'C:\ProgramData\Windows\wmi.exe' -p050744
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows\1234.bat" "