Technical Information
- %APPDATA%\regsvcs.exe
- <Full path to file>
- %APPDATA%\regsvcs.exe
- 'do####a.ddns.net':1900
- DNS ASK do####a.ddns.net
- '%APPDATA%\regsvcs.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\h52xdy15.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA7BC.tmp" "%TEMP%\vbcA7AC.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "RegSvcs" /tr "%APPDATA%\RegSvcs.exe"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\h52xdy15.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA7BC.tmp" "%TEMP%\vbcA7AC.tmp"
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "RegSvcs" /tr "%APPDATA%\RegSvcs.exe"