Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows host process' = '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\microsoft corporation.exe
- %TEMP%\_mei27962\startup.exe.manifest
- %TEMP%\_mei27962\vcruntime140.dll
- %TEMP%\_mei27962\_bz2.pyd
- %TEMP%\_mei27962\_hashlib.pyd
- %TEMP%\_mei27962\_lzma.pyd
- %TEMP%\_mei27962\_socket.pyd
- %TEMP%\_mei27962\_ssl.pyd
- %TEMP%\_mei27962\libcrypto-1_1.dll
- %TEMP%\_mei27962\libssl-1_1.dll
- %TEMP%\_mei27962\pyexpat.pyd
- %TEMP%\_mei27962\python37.dll
- %TEMP%\_mei27962\select.pyd
- %TEMP%\_mei27962\unicodedata.pyd
- %TEMP%\_mei27962\microsoft corporation.exe
- %TEMP%\_mei27962\base_library.zip
- %TEMP%\_mei27962\base_library.zip
- %TEMP%\_mei27962\libcrypto-1_1.dll
- %TEMP%\_mei27962\libssl-1_1.dll
- %TEMP%\_mei27962\microsoft corporation.exe
- %TEMP%\_mei27962\pyexpat.pyd
- %TEMP%\_mei27962\python37.dll
- %TEMP%\_mei27962\select.pyd
- %TEMP%\_mei27962\startup.exe.manifest
- %TEMP%\_mei27962\unicodedata.pyd
- %TEMP%\_mei27962\vcruntime140.dll
- %TEMP%\_mei27962\_bz2.pyd
- %TEMP%\_mei27962\_hashlib.pyd
- %TEMP%\_mei27962\_lzma.pyd
- %TEMP%\_mei27962\_socket.pyd
- %TEMP%\_mei27962\_ssl.pyd