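Техническая информация
В списке ниже не указано, к какому действию относится каждая запись (создание, изменение или удаление файла, запуск процесса, поиск окна). Пути в каталоге System Volume Information\_restore{…} относятся к службе восстановления системы Windows; GUID и номера RP зависят от конкретной машины, поэтому как индикаторы компрометации эти пути малопригодны.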
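- Запись автозапуска в реестре (имя параметра совпадает с именем исполняемого файла в %TEMP%, указанного ниже): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '509fd79f9ade3c32c315d2ac916e598f' = '%TEMP%\509fd79f9ade3c32c315d2ac916e598f.exe'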
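- '<SYSTEM32>\wbem\wmiadap.exe' /R /T (wmiadap.exe — штатный компонент WMI в Windows; сама по себе эта строка не является индикатором заражения)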
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP13\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP14\RestorePointSize
- %TEMP%\nsm3.tmp\bidets.dll
- %TEMP%\synchrotron\bidets.tvp
- %TEMP%\nsa2.tmp
- %TEMP%\509fd79f9ade3c32c315d2ac916e598f.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP12\rp.log
- %TEMP%\509fd79f9ade3c32c315d2ac916e598f1.txt
- %TEMP%\ec925f3b
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %TEMP%\nsm3.tmp\bidets.dll
- ClassName: 'Indicator' WindowName: ''