Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows Services\services.exe",'
- %APPDATA%\microsoft\windows\start menu\programs\windows services\services.exe
- 'ca####-crack.store':80
- '5.###.84.249':3336
- http://ca####-crack.store/loader/uploads/services_Nzdfpeyi.png
- DNS ASK ca####-crack.store
- DNS ASK 24#.##.#53.5.in-addr.arpa
- '<SYSTEM32>\cmd.exe' /c timeout 20 (with hidden window)
- '<SYSTEM32>\cmd.exe' /c timeout 20
- '<SYSTEM32>\timeout.exe' 20