Technical Information
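- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OneDrive' = '%HOMEPATH%\Documents\dxmwv.exe' (autorun value named 'OneDrive', but it points to dxmwv.exe in the user's Documents folder, not to the OneDrive client)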
- %HOMEPATH%\documents\dxmwv.exe
- %APPDATA%\svchost.resources.resources
- %APPDATA%\svchost.il
- %APPDATA%\svchost.pdb
- %APPDATA%\svchost.exe
- %HOMEPATH%\documents\dxmwv.exe
- %APPDATA%\svchost.pdb
- %APPDATA%\svchost.il
- %APPDATA%\svchost.resources.resources
- 'localhost':5558
- 'ip######ters.duckdns.org':5557
- DNS ASK ip######ters.duckdns.org
- '%HOMEPATH%\documents\dxmwv.exe'
- '%APPDATA%\svchost.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\ilasm.exe' /alignment=512 /QUIET %APPDATA%\svchost.il /output:%APPDATA%\svchost.exe (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\ilasm.exe' /alignment=512 /QUIET %APPDATA%\svchost.il /output:%APPDATA%\svchost.exe