Technical Information
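- Autorun (persistence) value in the per-user Run key, matching the PowerShell New-ItemProperty command listed below: [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dServices.exe' = '%APPDATA%\Microsoft\dServices.exe'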
- %APPDATA%\microsoft\dservices.exe
- %TEMP%\tmp51ea.tmp.bat
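- nul (the reserved Windows null-device name; probably output redirection from the batch file rather than a file written to disk)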
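- DNS query (DNS ASK) for fi####re.ddns.net. The hostname appears partially masked with '#' in this listing. ddns.net is a dynamic DNS domain, so the resolved address can change and detection should key on the hostname rather than on an IP address.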
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'dServices.exe' -Value '"%APPDATA%\Microsoft\dServices.exe"' -PropertyType 'String' -Force
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmp51EA.tmp.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmp51EA.tmp.bat" "
- '%WINDIR%\syswow64\timeout.exe' 3