Техническая информация
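- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WMI Update Service' = 'C:\ProgramData\WMI Services\WmiPrvSvc.exe' (автозапуск при входе пользователя в систему; имя файла и каталога имитирует системный процесс WmiPrvSE.exe, который штатно находится в <SYSTEM32>\wbem)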
- C:\programdata\wmi services\wmiprvsvc.exe
- %TEMP%\dw.log
- %TEMP%\149bac.dmp
- C:\programdata\wmi services\wmiprvsvc.exe
- 'C:\programdata\wmi services\wmiprvsvc.exe'
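- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "WMI Services" /tr "C:\ProgramData\WMI Services\\WmiPrvSvc.exe" /f (со скрытым окном; создаёт задачу планировщика «WMI Services», запускающую файл каждую минуту, ключ /f перезаписывает уже существующую задачу с тем же именем)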
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "WMI Services" /tr "C:\ProgramData\WMI Services\\WmiPrvSvc.exe" /f
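- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 528 (DW20.EXE — штатный компонент отчётов об ошибках Microsoft; его запуск, а также файлы dw.log и .dmp в %TEMP%, по-видимому, связаны с аварийным завершением процесса в ходе анализа и сами по себе не являются признаком заражения)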