Техническая информация
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\sc.exe' start w32time task_started
- '<SYSTEM32>\sdclt.exe' /CONFIGNOTIFICATION
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- %TEMP%\nsn6162.tmp\License_IT.rtf
- %TEMP%\nsn6162.tmp\License_DE.rtf
- %TEMP%\nsn6162.tmp\License_PT.rtf
- %TEMP%\nsn6162.tmp\License_NL.rtf
- %TEMP%\nsn6162.tmp\License_ES.rtf
- C:\ProgramData\Microsoft\RAC\Temp\sql8A06.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8A36.tmp
- %TEMP%\nsn6162.tmp\nsDialogs.dll
- %TEMP%\nsn6162.tmp\headerleft.bmp
- %TEMP%\nsn6162.tmp\NSISdl.dll
- %TEMP%\nsc6308.tmp
- %TEMP%\nsn6162.tmp\modern-header.bmp
- %TEMP%\nsn6162.tmp\modern-wizard.bmp
- %TEMP%\nsn6162.tmp\nsArray.dll
- %TEMP%\nsn6162.tmp\License_EN.rtf
- %TEMP%\nsn6162.tmp\License_FR.rtf
- %TEMP%\nsn6162.tmp\System.dll
- %TEMP%\nsn6162.tmp\ButtonEvent.dll
- C:\ProgramData\Microsoft\RAC\Temp\sql8A36.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql8A06.tmp
- %TEMP%\nsc6308.tmp
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- 'st###.#neinstaller.com':80
- st###.#neinstaller.com/report/oneinst.php?ii################################################################
- DNS ASK ti##.#indows.com
- DNS ASK st###.#neinstaller.com
- 'ti##.#indows.com':123
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'