Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /F /IM WmiPrvSE.exe
- <SYSTEM32>\wbem\wmiprvse.exe
- %WINDIR%\addins\1.bat
- %WINDIR%\addins\1.exe
- %WINDIR%\addins\isr.sys
- %WINDIR%\addins\windos.exe
- %WINDIR%\addins\1.bat
- %WINDIR%\addins\1.exe
- %WINDIR%\addins\isr.sys
- %WINDIR%\addins\windos.exe
- %WINDIR%\addins\1.bat
- %WINDIR%\addins\1.exe
- %WINDIR%\addins\isr.sys
- %WINDIR%\addins\windos.exe
- ClassName: '' WindowName: ''
- '%WINDIR%\addins\windos.exe' isr.sys
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\addins\1.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\addins\1.bat
- '%WINDIR%\syswow64\powercfg.exe' /h off