Technical Information
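- [<HKLM>\System\CurrentControlSet\Services\wfrxl-checkstatus] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\wfrxl-checkstatus] 'ImagePath' = '"<Current directory>\srvany.exe"'
- [<HKLM>\System\CurrentControlSet\Services\wfrxl] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\wfrxl] 'ImagePath' = '"<Current directory>\srvany.exe"'
  Note: a 'Start' value of 2 is the automatic-start setting, so both services are launched at every boot. srvany.exe is the file name of the Windows Resource Kit service wrapper; if that is what this file is, the ImagePath alone does not identify the program each service actually runs, and the service's other registry values (not listed here) should be examined as well.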
- '<File name>-checkstatus' "<Current directory>\srvany.exe"
- 'wfrxl-checkstatus' <Current directory>\srvany.exe
- '<File name>' "<Current directory>\srvany.exe"
- <Current directory>\libiconv2.dll
- <Current directory>\pdftk.exe
- <Current directory>\pdftotext.exe
- <Current directory>\munpack.exe
- <Current directory>\srvany.exe
- %TEMP%\1653304304servicelist.txt
- <PATH_SAMPLE>-checkstatus.exe
- %TEMP%\1653304304servicelist.txt
- '<PATH_SAMPLE>-checkstatus.exe'
- '<PATH_SAMPLE>-checkstatus.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c wmic service get pathname,processid > %TEMP%\1653304304servicelist.txt
- '%WINDIR%\syswow64\wbem\wmic.exe' service get pathname,processid