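Техническая информация
(Подзаголовки групп в этом тексте, по-видимому, утрачены при извлечении; тип операции — создание, удаление или изменение — для файловых путей ниже следует уточнять по исходному отчёту.)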
- Компонент восстановления системы (SR)
- <SYSTEM32>\vssvc.exe
- %WINDIR%\logs\windowsbackup\wbadmin.0.etl
- C:\readme.txt
- C:\id.key
- C:\msocache\all users\{90140000-0011-0000-0000-0000000ff1ce}-c\readme.txt
- D:\readme.txt
- D:\id.key
- C:\msocache\all users\{90140000-0011-0000-0000-0000000ff1ce}-c\id.key
- %WINDIR%\logs\windowsbackup\wbadmin.3.etl
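Перемещает следующие файлы (исходный путь в новый путь):
- %WINDIR%\logs\windowsbackup\wbadmin.0.etl в %WINDIR%\logs\windowsbackup\wbadmin.1.etl
- %WINDIR%\logs\windowsbackup\wbadmin.1.etl в %WINDIR%\logs\windowsbackup\wbadmin.2.etl
- %WINDIR%\logs\windowsbackup\wbadmin.2.etl в %WINDIR%\logs\windowsbackup\wbadmin.3.etl
(Похоже на штатную ротацию журналов wbadmin, вероятно вызванную запуском wbadmin.exe, а не на самостоятельное действие образца.)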
- %WINDIR%\logs\windowsbackup\wbadmin.0.etl
- %WINDIR%\logs\windowsbackup\wbadmin.1.etl
- %WINDIR%\logs\windowsbackup\wbadmin.2.etl
- %WINDIR%\logs\windowsbackup\wbadmin.3.etl
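Сетевая активность (по-видимому, обращения к узлу локальной сети; порт 445 — SMB, порт 139 — служба сеансов NetBIOS):
- '<LOCALNET>.15.1':445
- '<LOCALNET>.15.1':139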
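Запускает следующие процессы:
- '<SYSTEM32>\wbem\wmic.exe' SHADOWCOPY /nointeractive
- '<SYSTEM32>\wbadmin.exe' DELETE SYSTEMSTATEBACKUP
- '<SYSTEM32>\wbadmin.exe' DELETE SYSTEMSTATEBACKUP -deleteOldest
- '<SYSTEM32>\bcdedit.exe' /set {default} bootstatuspolicy ignoreallfailures
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv
Команды wbadmin.exe DELETE SYSTEMSTATEBACKUP удаляют резервные копии состояния системы, а bcdedit.exe с параметром bootstatuspolicy ignoreallfailures заставляет загрузчик игнорировать сбои загрузки, так что автоматическое восстановление не запускается. Процессы vssvc.exe и svchost.exe -k swprv — штатные службы теневого копирования Windows; вероятно, они стартуют как следствие обращения к теневым копиям. Для обнаружения стоит отслеживать создание процессов с такими командными строками.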