Техническая информация
- <SYSTEM32>\svchost.exe
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH __FilterToConsumerBinding WHERE "Filter='__EventFilter.Name=\'EFohvps\''" delete' (со скрытым окном)
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH __EventFilter WHERE "Name='EFohvps'" delete' (со скрытым окном)
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH ActiveScriptEventConsumer WHERE "Name='ASECohvps'" delete' (со скрытым окном)
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH __TimerInstruction WHERE "TimerId='TIohvps'" delete' (со скрытым окном)
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH __FilterToConsumerBinding WHERE "Filter='__EventFilter.Name=\'EFohvps\''" delete
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH __EventFilter WHERE "Name='EFohvps'" delete
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH ActiveScriptEventConsumer WHERE "Name='ASECohvps'" delete
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\subscription PATH __TimerInstruction WHERE "TimerId='TIohvps'" delete