Техническая информация
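- Автозагрузка через ключ Run текущего пользователя (имя параметра имитирует ПО Intel, а файл svchost.exe расположен вне системного каталога Windows, то есть маскируется под системный процесс): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Intel(R) Common Networking System' = '%APPDATA%\Intel Corporation\Intel(R) Common User Interface\1.0.0.0\svchost.exe'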
- '%APPDATA%\Microsoft\Windows\8.1.7601.17587\svchost.exe'
- '%APPDATA%\Intel Corporation\Intel(R) Common User Interface\1.0.0.0\svchost.exe'
- '<Текущая директория>\~Multi_Shit_Tool_v_0_3.exe'
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %APPDATA%\Microsoft\Windows\8.1.7601.17587\svchost.exe
- <Текущая директория>\~Multi_Shit_Tool_v_0_3.exe
- %APPDATA%\Intel Corporation\Intel(R) Common User Interface\1.0.0.0\server.zip
- %APPDATA%\Intel Corporation\Intel(R) Common User Interface\1.0.0.0\svchost.exe
- %APPDATA%\Intel Corporation\Intel(R) Common User Interface\1.0.0.0\svchost.exe
- <Текущая директория>\~Multi_Shit_Tool_v_0_3.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %APPDATA%\Intel Corporation\Intel(R) Common User Interface\1.0.0.0\server.zip
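- 'ch####andomain.club':80 (символы «#» здесь и ниже, по-видимому, являются маской: часть имени хоста или адреса скрыта, поэтому для точного сопоставления индикаторов эти значения в таком виде непригодны)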
- 'wp#d':80
- http://ch####andomain.club/1/explorer.txt
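- http://11#.#11.111.1/wpad.dat via wp#d (запрос wpad.dat, по-видимому, относится к автообнаружению прокси (WPAD) и сам по себе может не быть признаком заражения)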
- DNS ASK ch####andomain.club
- DNS ASK wp#d