Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fa280178bd55348ab39c6738d80c9542' = '"%APPDATA%\servsss.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'fa280178bd55348ab39c6738d80c9542' = '"%APPDATA%\servsss.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\servsss.exe" "servsss.exe" ENABLE
- %APPDATA%\servsss.exe
- 'go######rcpics16.ddns.net':2222
- DNS ASK go######rcpics16.ddns.net
- '%APPDATA%\servsss.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\servsss.exe" "servsss.exe" ENABLE (with hidden window)