Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fca414ff24bdf83e0a0e1d35ee8c1b52' = '"%APPDATA%\WindowsServices.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'fca414ff24bdf83e0a0e1d35ee8c1b52' = '"%APPDATA%\WindowsServices.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\fca414ff24bdf83e0a0e1d35ee8c1b52.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\WindowsServices.exe" "WindowsServices.exe" ENABLE
- %APPDATA%\windowsservices.exe
- '18#.#40.53.61':8888
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- '%APPDATA%\windowsservices.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\WindowsServices.exe" "WindowsServices.exe" ENABLE (with hidden window)