Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\shareit service.exe
- %APPDATA%\microsoft\persist.dat
- %APPDATA%\microsoft\search\searchhelper.exe
- %TEMP%\wer9mso.dir00\com3.exe
- http://su######ervice.netai.net/c/c13.php?m=############
- http://ba#####upport.comxa.com/z/c13.php?m=############
- DNS ASK su#####backup.esy.es
- DNS ASK su######ervice.netai.net
- DNS ASK ba#####upport.esy.es
- DNS ASK ba#####upport.comxa.com
- '%APPDATA%\microsoft\search\searchhelper.exe'
- '%TEMP%\wer9mso.dir00\com3.exe'
- '%WINDIR%\syswow64\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /t REG_SZ /v "Intel GPU" /d "D:\Program Files\Intel GPU\GfxUI.exe"' (with a hidden window)
- '%WINDIR%\syswow64\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /t REG_SZ /v "Intel GPU" /d "D:\Program Files\Intel GPU\GfxUI.exe"