Техническая информация
Вредоносные функции:
Запускает на исполнение:
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BE4FBA79C54E0D0AABAC0FE0FAE5663" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AA5FC8E8D265687B7D94F5893E0D93B" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DDF16D17EB2EDD5D24E0E0368C125D5" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1561C248300D41006C1B8F2299F038D" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9F6B344F5AE78897F2F058856883119A" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90D5F6DA649B01CE8BF789E524CFF5A4" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CA574706BC95DFAE9B243A03F9681D9" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5295D0C84EB8CC59A6ABA93460A7BA2F" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49E89C94496A55E39BEDDE10212DBBE6" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E7D90B2CC18CEBBE11AEAC9A1AD77B1" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E4DC3E26ACB3199DF81297B0FCEFB34" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\595DE193DFF19BF414D66207EA4CD2C5" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53603883B123F7ED43700466268A22F7" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E86EB4C31ABDD316B93CC06800A34612" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1749C6E0C78CE31DA57B169C12A4638" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB3953DE617D6BD6B67D0412AE93BF32" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6EAF41EBF234D493CB6EE95184D2884" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5D3B062B4C471CE4ECC4768DB112AEC" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFA9F1DEABD9764F6BE008DCA391182E" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4F211CD70C5FB9E04559BD309EEE3D5" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C16FF75CE545FEB44619CF12F3CF6B86" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB146B58B63F9238D4B1428AC1C7AE0A" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ABC0785F7515F97B7643D19C5F5966A6" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD2B44B465D87C47DE2D97C191812180" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA7497550B113F6D5F11E9CD0BD05020" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C17A244537EE999488386E468CB5947F" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B5DD6B4BA986EBA4A98551CC61C0713E" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\466DBF60BC979A84FAF1DAD03DEB91EF" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\29AADD026A9EDE943A8AA410EFEBBB33" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8C28D55EA494E9740B73AEFC7CCDF48C" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B81CE08CDE7D1D645B231854B5307CD5" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C7B8D64DC2C42574C947BB8A9073CF2F" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV4|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV3|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV3|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV3|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV4|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV4|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV4|StartAgent.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E4879139E490084907EB78A1FB71D0" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C75BEA197E2A5DC6AE9E39D361BB3FC" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D6BC7F32009C3242151378DD13B6D84" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F071A5E7B2BB19392049EAF1C38AB76" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\260659229BE398803483738D9D4059CF" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2533860D2F1F4CBE3CAFC6E0727B1F57" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B99710CE9288EBB3CE974843EB123C8" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\203200215011F11135B1532E65BB9D73" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\168B9DA4DF0597F6F2E27216931F0CFE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1582A967CF4211A8DDB22DE492321D2F" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07153706062E9A7F6686BDCC57320543" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04FF40A713AD5B9188435A4EBC971BB3" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00A45469F98AF393FB075846ED7FFA39" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D9CBD80A4F011B44BCAB95F63AEC2CF" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4B6DD5B-689A-4ABE-9A58-15CC160C17E3}" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DDAA92-E9A6-49ED-A3A8-4A01FEBEBB33}" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06FBD664-79CB-48A9-AF1F-AD0DD3BE19FE}" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C80EC18B-D7ED-46D1-B532-81455B03C75D}" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA08DB6E-C7BC-4723-9D33-84EA2F6CBD48}" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46D8B7C-4C2C-4752-9C74-BBA80937FCF2}" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UAgentService" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Policy Publisher Version 2" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Policy Publisher Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Policy Publisher" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Service Host" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Service Base" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Server Framework" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Policy Publisher Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Policy Publisher" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Handler Service" /f
- '<SYSTEM32>\mode.com' con: cols=60 lines=19
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Service Host" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Server Framework" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Handler" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Utopic Handler" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Utopic Agent Version 2" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Utopic Agent" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Agent Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Utopic Agent" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Utopic Policy Publisher" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Handler Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Handler" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Agent Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Server Framework" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Policy Publisher Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Policy Publisher" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Agent" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B5DD6B4BA986EBA4A98551CC61C0713E" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\466DBF60BC979A84FAF1DAD03DEB91EF" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29AADD026A9EDE943A8AA410EFEBBB33" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UAgentService" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E6BD80AFCB7C3274D93348AEF2C6DB84" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7B8D64DC2C42574C947BB8A9073CF2F" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Agent Version 2" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Agent Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Agent" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Handler Version 2" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Handler Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Utopic Handler" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\UtopicServiceInstall" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Agent Version 2" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\UAgentService" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Service Host" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Service Base" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Policy Publisher Version 2" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Utopic Handler Version 2" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|UtopicV3|StartAgent.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|System.Management.Automation.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|AgentCustomInstallAction.dll" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Policy Publisher Service"
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Policy Publisher Service" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Policy Publisher Version 2" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Handler Version 2"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Handler Version 2" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Policy Publisher"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Policy Publisher" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Policy Publisher Version 2"
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Agent|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Agent|System.Management.Automation.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Agent|AgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Agent|WindowsServiceManager.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Agent|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Agent|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|WindowsServiceManager.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|System.Management.Automation.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|AgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|WindowsServiceManager.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\net1.exe' stop "Utopic Agent"
- '<SYSTEM32>\net.exe' stop "Utopic Agent"
- '<SYSTEM32>\taskkill.exe' /f /im "iexplore.exe"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Agent Version 2" /f
- '<SYSTEM32>\net1.exe' stop "Utopic Agent Version 2"
- '<SYSTEM32>\net.exe' stop "Utopic Agent Version 2"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings" /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 4 /f
- '<SYSTEM32>\mode.com' con: cols=75 lines=40
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\batchfile.bat" "
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v IncludeRecommendedUpdates /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v ScheduledInstallTime /t REG_DWORD /d 4 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v ScheduledInstallDay /t REG_DWORD /d 0 /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Handler 2" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Handler"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Handler" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Handler Service"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Handler Service" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Handler 2"
- '<SYSTEM32>\sc.exe' DELETE "Utopic Agent Service"
- '<SYSTEM32>\sc.exe' DELETE "Utopic Agent"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Agent" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Agent Version 2"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Agent Service" /f
- '<SYSTEM32>\sc.exe' DELETE "Utopic Service Host"
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Utopic Service Host" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic|AgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|WindowsServiceManager.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic Agent|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic Agent|System.Management.Automation.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic Agent|AgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|System.Management.Automation.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|Utopic Agent|AgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|WindowsServiceManager.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Utopic|UAgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Utopic|UtopicCommon.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Utopic|UtopicAgent.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Utopic|UAgentService.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.PolicyPublisher.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic Agent|WindowsServiceManager.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic Agent|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic Agent|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.Handler.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.Agent.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV4|StartAgent.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV3|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV3|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV4|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV4|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV4|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV3|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.ServiceHost.EXE" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.Contracts.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic|System.Management.Automation.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|UtopicV3|StartAgent.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic|WindowsServiceManager.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Program Files|Utopic|Utopic.Server.Services.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8C28D55EA494E9740B73AEFC7CCDF48C" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Products\8C28D55EA494E9740B73AEFC7CCDF48C" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Products\B5DD6B4BA986EBA4A98551CC61C0713E" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|System.Management.Automation.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Utopic Software|AgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E6BD80AFCB7C3274D93348AEF2C6DB84" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Products\466DBF60BC979A84FAF1DAD03DEB91EF" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Utopic|UtopicAgent.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Utopic|UAgentService.exe" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Utopic|UAgentCustomInstallAction.dll" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Products\29AADD026A9EDE943A8AA410EFEBBB33" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Products\1D9CBD80A4F011B44BCAB95F63AEC2CF" /f
- '<SYSTEM32>\reg.exe' delete "HKEY_CLASSES_ROOT\Installer\Assemblies\C:|Utopic|UtopicCommon.dll" /f
Завершает или пытается завершить
следующие пользовательские процессы:
- iexplore.exe
Изменения в файловой системе:
Создает следующие файлы:
- %TEMP%\1.tmp\batchfile.bat
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
