Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6f39eb8c5355dfb830ff2e8a82a59ad2' = '"%APPDATA%\server.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '6f39eb8c5355dfb830ff2e8a82a59ad2' = '"%APPDATA%\server.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\server.exe" "server.exe" ENABLE
- <Current directory>:{76005a00-5500-3900-6700-36004c002f00}
- <Current directory>:{42004c00-6a00-3200-4d00-690070006200}
- %PROGRAMDATA%\isolated storage\{42004c00-6a00-3200-4d00-690070006200}
- %APPDATA%\server.exe
- %APPDATA%:{42004c00-6a00-3200-4d00-690070006200}
- %APPDATA%:{76005a00-5500-3900-6700-36004c002f00}
- %PROGRAMDATA%\isolated storage\{76005a00-5500-3900-6700-36004c002f00}
- 'pa###bin.com':443
- 'me#####en102.ddns.net':7771
- DNS ASK pa###bin.com
- DNS ASK me#####en102.ddns.net
- '%APPDATA%\server.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\server.exe" "server.exe" ENABLE' (with a hidden window)