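Technical Information
Note on notation: `<SYSTEM32>` and `%TEMP%` are placeholders for the Windows system directory and the user's temporary directory, and `###` in the host name appears to mark characters masked in this listing. The sub-headings that separated the entries below (launched processes, file paths, network activity) are missing from this copy, so the file paths that appear twice carry no stated operation for either occurrence.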
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- %TEMP%\nsr5F30.tmp\manlib.dll
- <SYSTEM32>\LogFiles\Scm\f46b7512-603d-44fa-8b9c-8ab48ec54142
- %TEMP%\nsr5F30.tmp\GetVersion.dll
- %TEMP%\nsr5F30.tmp\installog.txt
- %TEMP%\nsr5F30.tmp\registry.dll
- %TEMP%\nsr5F30.tmp\System.dll
- %TEMP%\nsr5F30.tmp\header.bmp
- %TEMP%\nsr5F30.tmp\nsDialogs.dll
- %TEMP%\nsr5F30.tmp\blowfish.dll
- %TEMP%\nsr5F30.tmp\checked.jpg
- %TEMP%\nsr5F30.tmp\unchecked.jpg
- %TEMP%\nsr5F30.tmp\registry.dll
- %TEMP%\nsr5F30.tmp\nsDialogs.dll
- %TEMP%\nsr5F30.tmp\manlib.dll
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- %TEMP%\nsr5F30.tmp\unchecked.jpg
- %TEMP%\nsr5F30.tmp\System.dll
- %TEMP%\nsr5F30.tmp\header.bmp
- %TEMP%\nsr5F30.tmp\installog.txt
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- %TEMP%\nsr5F30.tmp\GetVersion.dll
- %TEMP%\nsr5F30.tmp\checked.jpg
- %TEMP%\nsr5F30.tmp\blowfish.dll
- 'www.ht###wedgo.us':80
- www.ht###wedgo.us/first_call_mon_v2.php
- DNS ASK www.ht###wedgo.us