Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows' = '%TEMP%\svshost.exe'
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\sdclt.exe' /CONFIGNOTIFICATION
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- %HOMEPATH%\System32.ini
- %TEMP%\TMP456.dll
- C:\ProgramData\Microsoft\RAC\Temp\sqlE3F8.tmp
- <SYSTEM32>\LogFiles\Scm\5f6a0792-0df2-497a-8dcd-1951a84493cf
- C:\ProgramData\Microsoft\RAC\Temp\sqlE495.tmp
- %TEMP%\TMP654.dll
- %TEMP%\844716.627055676
- %TEMP%\autB8B3.tmp
- %TEMP%\svshost.exe
- %TEMP%\4991152.60244
- %TEMP%\autC763.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlE495.tmp
- %TEMP%\4991152.60244
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- C:\ProgramData\Microsoft\RAC\Temp\sqlE3F8.tmp
- %TEMP%\844716.627055676
- %TEMP%\autB8B3.tmp
- %TEMP%\autC763.tmp
- %TEMP%\svshost.exe
- 'om.###software.com':4201
- DNS ASK dn#.##ftncsi.com
- DNS ASK om.###software.com