Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fa280178bd55348ab39c6738d80c9542' = '"%APPDATA%\servsss.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'fa280178bd55348ab39c6738d80c9542' = '"%APPDATA%\servsss.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\servsss.exe" "servsss.exe" ENABLE (adds servsss.exe to the Windows Firewall allowed-programs list)
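Window lookups (these class names belong to the Sysinternals FileMon, RegMon and Process Monitor tools, so the sample presumably checks for running analysis utilities):
- ClassName: 'FileMonClass', WindowName: ''
- ClassName: 'RegMonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''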
- %APPDATA%\bluetoothdriverinstaller_x64.exe
- %APPDATA%\google.exe
- %APPDATA%\servsss.exe
- 'go######rcpics16.ddns.net':2222
- DNS query: go######rcpics16.ddns.net
- '%APPDATA%\bluetoothdriverinstaller_x64.exe'
- '%APPDATA%\google.exe'
- '%APPDATA%\servsss.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\servsss.exe" "servsss.exe" ENABLE (with hidden window)