Техническая информация
- '%TEMP%\nsd6.tmp\ns7.tmp' "cmd.exe" /c regsvr32 /s /u "<Текущая директория>\calext.dll"
- '%TEMP%\~nsu.tmp\Au_.exe' _?=<Текущая директория>\
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\regsvr32.exe' /s /u "<Текущая директория>\calext.dll"
- %TEMP%\nsd6.tmp\nsExec.dll
- %TEMP%\nsd6.tmp\ns7.tmp
- %TEMP%\nsd6.tmp\System.dll
- %TEMP%\nsa2.tmp
- %TEMP%\~nsu.tmp\Au_.exe
- %TEMP%\nsh4.tmp
- %TEMP%\nsd6.tmp\ns7.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- ClassName: '#32770' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TheCalendarOfXiaoxian' WindowName: ''