Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '469f99d3db441cd0cdc544bc5c90c59e' = '"%TEMP%\serve32.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '469f99d3db441cd0cdc544bc5c90c59e' = '"%TEMP%\serve32.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\serve32.exe" "serve32.exe" ENABLE
- %TEMP%\5407\5407.exe
- %TEMP%\2735\2735.exe
- %TEMP%\4022\4022.exe
- %TEMP%\4998\4998.exe
- %TEMP%\6565\6565.exe
- %TEMP%\serve32.exe
- %TEMP%\5407\5407.exe
- %TEMP%\2735\2735.exe
- %TEMP%\4022\4022.exe
- %TEMP%\4998\4998.exe
- %TEMP%\6565\6565.exe
- '<LOCALNET>.100.5':5552
- '%TEMP%\5407\5407.exe'
- '%TEMP%\serve32.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\serve32.exe" "serve32.exe" ENABLE' (with a hidden window)