Техническая информация
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\sc.exe' start w32time task_started
- '<SYSTEM32>\sdclt.exe' /CONFIGNOTIFICATION
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- <SYSTEM32>\cmd.exe
- %WINDIR%\Explorer.EXE
- C:\ProgramData\Microsoft\RAC\Temp\sqlCDE9.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlCD7B.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlCD7B.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlCDE9.tmp
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- '21#.#08.252.185':80
- 'pr####.fling.com':80
- 21#.#08.252.185/5699002-2F6F334BF9ACF1B2401D3874A5B0C048/counter.img?th###############################
- pr####.fling.com/geo/txt/city.php
- DNS ASK ��#��
- DNS ASK ti##.#indows.com
- DNS ASK ��#Y',�
- DNS ASK pr####.fling.com
- 'ti##.#indows.com':123
- '8.#.8.8':60313