Техническая информация
- '<SYSTEM32>\reg.exe' ADD "HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}" /f /v "UpperFilters" /T REG_MULTI_SZ /D "PartMgr"
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\ControlSet001\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}" /v "UpperFilters" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\ControlSet001\Control\Class\{1860459D-4692-4825-B761-44A725991050}" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\Acronis" /f
- '<SYSTEM32>\reg.exe' delete "HKCU\SOftware\Acronis" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\ControlSet001\Services\arsm" /f
- '<SYSTEM32>\shutdown.exe' -f -r -t 00
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\ControlSet001\Services\mms" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\ControlSet001\Services\snapman" /f
- '<SYSTEM32>\reg.exe' delete "HKLM\SYSTEM\ControlSet001\Services\fltsrv" /f
- '<SYSTEM32>\net1.exe' stop mms
- '<SYSTEM32>\net.exe' stop arsm
- '<SYSTEM32>\net.exe' stop mms
- '<SYSTEM32>\sc.exe' delete snapman
- '<SYSTEM32>\sc.exe' delete fltsrv
- '<SYSTEM32>\sc.exe' delete mms
- '<SYSTEM32>\sc.exe' delete arsm
- '<SYSTEM32>\taskkill.exe' /f /im arsm.exe /t
- '<SYSTEM32>\net1.exe' stop arsm
- '<SYSTEM32>\taskkill.exe' /f /im mms.exe /t
- %TEMP%\2784EVH1.bat
- %TEMP%\2784EVH1.bat
- %TEMP%\2784EVH1.bat
- ClassName: '(null)' WindowName: '(null)'