Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsServices.exe' = '<Full path to file>'
- Windows Defender
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- firefox.exe
- %TEMP%\content\3672-3860-<File name>.exe-16-12-27-678.dump
- %LOCALAPPDATA%\microsoft\clr_v4.0\usagelogs\<File name>.exe.log
- http://ch####p.dyndns.org/
- 'hw########stem.000webhostapp.com':443
- 'cd#.##scordapp.com':443
- 'fr###eoip.app':443
- DNS ASK hw########stem.000webhostapp.com
- DNS ASK cd#.##scordapp.com
- DNS ASK ch####p.dyndns.org
- DNS ASK fr###eoip.app
- '<SYSTEM32>\devicecensus.exe'
- '<SYSTEM32>\apphostregistrationverifier.exe'
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'