Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'f15a1481d35d57c9247ddf9d377e6415' = '"%ALLUSERSPROFILE%\WindowsServiecs.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'f15a1481d35d57c9247ddf9d377e6415' = '"%ALLUSERSPROFILE%\WindowsServiecs.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\f15a1481d35d57c9247ddf9d377e6415.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\WindowsServiecs.exe" "WindowsServiecs.exe" ENABLE
- windowsserviecs.exe
- %ALLUSERSPROFILE%\windowsserviecs.exe
- 'as##.ddns.net':5552
- DNS ASK as##.ddns.net
- '%ALLUSERSPROFILE%\windowsserviecs.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\WindowsServiecs.exe" "WindowsServiecs.exe" ENABLE (with hidden window)