Technical Information
- <SYSTEM32>\tasks\dllhst3g
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %APPDATA%\runonce\conhost.exe
- DNS ASK re#####ba1.duckdns.org
- '%APPDATA%\runonce\conhost.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /tn dllhst3g /tr "%APPDATA%\runonce\conhost.exe" /sc minute /mo 1 /F (with hidden window)
- '%APPDATA%\runonce\conhost.exe' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /tn dllhst3g /tr "%APPDATA%\runonce\conhost.exe" /sc minute /mo 1 /F
- '<SYSTEM32>\taskeng.exe' {FDFEB905-6D81-40C9-936F-5B06B6AEB2EB} S-1-5-21-1960123792-2022915161-3775307078-1001:gwrmmtq\user:Interactive:[1]