Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Service' = '%WINDIR%\M-8695784673568559\winsvc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Service' = '%WINDIR%\M-8695784673568559\winsvc.exe'
- %WINDIR%\m-8695784673568559\winsvc.exe
- '18#.#76.27.132':80
- DNS ASK ao#.com
- '%WINDIR%\m-8695784673568559\winsvc.exe'