Техническая информация
Закрепление в системе (автозапуск через ключи реестра Run и папку автозагрузки):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'f5aa1406a7e0e081de9e13df98df5d5f' = '"%TEMP%\servare.exe" ..'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'f5aa1406a7e0e081de9e13df98df5d5f' = '"%TEMP%\servare.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\f5aa1406a7e0e081de9e13df98df5d5f.exe
Изменение настроек брандмауэра Windows (servare.exe добавляется в список разрешённых приложений):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\servare.exe' = '%TEMP%\servare.exe:*:Enabled:servare.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\servare.exe" "servare.exe" ENABLE
- %TEMP%\servare.exe
Сетевая активность (узел и порт, DNS-запрос):
- 'ja#####jjar123.ddns.net':1177
- DNS ASK ja#####jjar123.ddns.net
- '%TEMP%\servare.exe'