Technical Information (behavioural indicators recorded for this sample: registry autostart entries, a firewall exception, dropped/touched files, network activity, and processes launched)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fa280178bd55348ab39c6738d80c9542' = '"%APPDATA%\servsss.exe" ..' (per-user autostart persistence; the value name is a 32-hex-character identifier rather than a descriptive name)
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'fa280178bd55348ab39c6738d80c9542' = '"%APPDATA%\servsss.exe" ..' (machine-wide autostart persistence via the 32-bit registry view; same value name and payload path, so both keys should be removed together)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\servsss.exe" "servsss.exe" ENABLE (uses the legacy `netsh firewall` context to add a Windows Firewall program exception for the dropped payload; check the firewall rule list for an entry named "servsss.exe" when verifying remediation)
- %APPDATA%\rufus-3.10.exe (file name matches the legitimate Rufus 3.10 utility; verify its hash against the genuine release rather than trusting the name)
- %APPDATA%\google.exe (generic vendor-style name in a user-writable directory; likely a disguise rather than a Google component)
- %TEMP%\ruff1c0.tmp
- %WINDIR%\syswow64\grouppolicy\gpt.ini (local Group Policy template file; its presence in this list suggests the sample touches local policy — review the resulting policy for settings that disable security tooling)
- %APPDATA%\servsss.exe
- %PROGRAMDATA%\ntuser.pol (registry-policy file written to a non-standard location under %PROGRAMDATA%; inspect its contents alongside the Group Policy change above)
- 'go######rcpics16.ddns.net':2222 (outbound connection to a dynamic-DNS hostname on non-standard port 2222 — likely the command-and-control endpoint; part of the hostname is masked as `######` in this listing)
- DNS ASK go######rcpics16.ddns.net (name resolution of the same host; block or sinkhole the domain and alert on port-2222 traffic)
- '%APPDATA%\rufus-3.10.exe'
- '%APPDATA%\google.exe'
- '%APPDATA%\servsss.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\servsss.exe" "servsss.exe" ENABLE (with hidden window)
- '<SYSTEM32>\raserver.exe' /offerraupdate (Windows Remote Assistance server, a legitimate signed system binary; its launch is recorded here as part of the sample's activity, so look at the parent process and command line rather than treating the binary itself as malicious)