Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\sppsvc] 'Start' = '00000002'
- %TEMP%\rarsfx0\activate7.exe
- %TEMP%\rarsfx0\bootinst.exe
- %TEMP%\rarsfx0\cert.xrm-ms
- %TEMP%\rarsfx0\grldr
- %TEMP%\rarsfx0\install.cmd
- nul
- %TEMP%\diskpartscript.txt
- %TEMP%\foundvolumes.txt
- %TEMP%\diskpartmountscript.txt
- %TEMP%\diskpartunmountscript.txt
- z:\grldr
- z:\grldr
- %TEMP%\diskpartmountscript.txt
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\rarsfx0\activate7.exe'
- '%TEMP%\rarsfx0\bootinst.exe' /nt60 Z
- '%WINDIR%\syswow64\cmd.exe' /c install.cmd (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c install.cmd
- '%WINDIR%\syswow64\sc.exe' config sppsvc start= Auto
- '%WINDIR%\syswow64\net.exe' start sppsvc
- '%WINDIR%\syswow64\net1.exe' start sppsvc
- '%WINDIR%\syswow64\diskpart.exe' /S "%TEMP%\DISKPARTSCRIPT.TXT"
- '<SYSTEM32>\vds.exe'
- '%WINDIR%\syswow64\cmd.exe' /c FindStr /C:"System Rese" "%TEMP%\FOUNDVOLUMES.TXT"
- '%WINDIR%\syswow64\findstr.exe' /C:"System Rese" "%TEMP%\FOUNDVOLUMES.TXT"
- '%WINDIR%\syswow64\diskpart.exe' /S "%TEMP%\DISKPARTMOUNTSCRIPT.TXT"
- '%WINDIR%\syswow64\cscript.exe' <SYSTEM32>\slmgr.vbs -ipk 22TKD-F8XX6-YG69F-9M66D-PMJBM
- '%WINDIR%\syswow64\cscript.exe' <SYSTEM32>\slmgr.vbs -ilc "Cert.xrm-ms"
- '%WINDIR%\syswow64\attrib.exe' Z:\GRLDR -h -s -r
- '%WINDIR%\syswow64\attrib.exe' "Z:\grldr" +h +s +r
- '%WINDIR%\syswow64\shutdown.exe' /R /T 00