Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '09943d0223d4c335f09d82bb5dc901cc' = '"%ALLUSERSPROFILE%\WindowsServiecs.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '09943d0223d4c335f09d82bb5dc901cc' = '"%ALLUSERSPROFILE%\WindowsServiecs.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\09943d0223d4c335f09d82bb5dc901cc.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\WindowsServiecs.exe" "WindowsServiecs.exe" ENABLE
- windowsserviecs.exe
- %ALLUSERSPROFILE%\windowsserviecs.exe
- 'as##.ddns.net':5321
- DNS ASK as##.ddns.net
- '%ALLUSERSPROFILE%\windowsserviecs.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\WindowsServiecs.exe" "WindowsServiecs.exe" ENABLE' (with hidden window)