Technical Information
- <Drive name for removable media>:\189037d8-d540-48fe-86dd-2967eef529bc.tmp.exe
- '%WINDIR%\syswow64\taskkill.exe' /F /IM wscript.exe
- '%WINDIR%\syswow64\taskkill.exe' /F /IM cmd.exe
- C:\189037d8-d540-48fe-86dd-2967eef529bc.tmp.exe
- D:\189037d8-d540-48fe-86dd-2967eef529bc.tmp.exe
- %TEMP%\189037d8-d540-48fe-86dd-2967eef529bc.tmp.exe
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- ClassName: '' WindowName: ''
- '%TEMP%\189037d8-d540-48fe-86dd-2967eef529bc.tmp.exe'
- '%WINDIR%\syswow64\taskkill.exe' /F /IM cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /F /IM wscript.exe' (with hidden window)