Техническая информация
- '<SYSTEM32>\consent.exe' 892 312 012E0870
- '<SYSTEM32>\sysprep\sysprep.exe'
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R
- '<SYSTEM32>\consent.exe' 892 220 01325D98
- '<SYSTEM32>\DllHost.exe' /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
- '<SYSTEM32>\DllHost.exe' /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
- %WINDIR%\Explorer.EXE
- <LS_APPDATA>\index.dat
- <SYSTEM32>\shnvf.dll
- <SYSTEM32>\LogFiles\Scm\7deaa648-753f-402b-90a6-05b6c1ad0f53
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- <SYSTEM32>\sysprep\Panther\setupact.log
- %TEMP%\ms_656.tmp
- %TEMP%\~tenvctm.tmp-t
- %TEMP%\~tenvctm.tmp
- <SYSTEM32>\sysprep\Panther\diagwrn.xml
- <SYSTEM32>\sysprep\Panther\diagerr.xml
- <SYSTEM32>\sysprep\CRYPTBASE.dll
- <SYSTEM32>\shnvf.dll
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- <SYSTEM32>\sysprep\CRYPTBASE.dll
- %TEMP%\~tenvctm.tmp