Техническая информация
Записи автозапуска (ключи Run; одно и то же имя параметра в HKCU и HKLM):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6a2634340fbf8a0a2c038c6263d49fd1' = '"%PROGRAMDATA%\Server.exe"'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '6a2634340fbf8a0a2c038c6263d49fd1' = '"%PROGRAMDATA%\Server.exe"'
- %PROGRAMDATA%\server.exe
- %PROGRAMDATA%\server.exe
- 'localhost':66
- '%PROGRAMDATA%\server.exe'
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 & start %PROGRAMDATA%\Server.exe & exit (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 & start %PROGRAMDATA%\Server.exe & exit
- '<SYSTEM32>\ping.exe' 127.0.0.1