Technical Information
- %WINDIR%\tasks\1.bat
- %WINDIR%\tasks\l.dll
- %WINDIR%\tasks\123.vbs
- 'do###dtr.com':80
- http://do###dtr.com/
- DNS ASK do###dtr.com
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%WINDIR%\tasks\123.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\tasks\1.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\tasks\1.bat" "
- '%WINDIR%\syswow64\rundll32.exe' %WINDIR%\tasks\l.dll, PluginInit
- '<SYSTEM32>\rundll32.exe' %WINDIR%\tasks\l.dll, PluginInit