Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\serverrr.exe' = '%TEMP%\serverrr.exe:*:Enabled:serverrr.exe'
- '%TEMP%\serverrr.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\serverrr.exe" "serverrr.exe" ENABLE
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
- %TEMP%\serverrr.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
- 'ad####adi.hopto.org':5552
- DNS ASK ad####adi.hopto.org