Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'ADSL Dia' = '%WINDIR%\Windowsadmin\Windowsserver\svssshost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'ADSL Diaa' = '%WINDIR%\Windowsadmin\Windowsserver\svsshost.exe'
- %WINDIR%\Windowsadmin\Windowsserver\svssshost.exe
- %WINDIR%\Windowsadmin\svssshost.exe
- %WINDIR%\Windowsadmin\Windowsserver\svsshost.exe
- %APPDATA%\Microsoft\VBS.vbs
- %APPDATA%\Microsoft\VBS1.vbs
- %WINDIR%\Windowsadmin\Windowsserver\Config.ini
- %WINDIR%\Windowsadmin\Windowsserver\svssshost.exe
- %WINDIR%\Windowsadmin\svssshost.exe
- <Full path to file>
- %APPDATA%\Microsoft\VBS.vbs
- %APPDATA%\Microsoft\VBS1.vbs
- %WINDIR%\Windowsadmin\Windowsserver\Config.ini
- '91.##8.115.133':8626
- ClassName: '' WindowName: ''
- '%WINDIR%\Windowsadmin\Windowsserver\svsshost.exe'
- '%WINDIR%\Windowsadmin\Windowsserver\svssshost.exe'
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Microsoft\VBS.vbs"
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Microsoft\VBS1.vbs"