Technical Information
- %ALLUSERSPROFILE%\mssql\mssql60.dll
- from <Full path to file> to %TEMP%\~1.tmp
- 'or###file.com':80
- http://www.or###file.com/rssfeeds/lang1.php?t=#######################
- http://www.or###file.com/rssfeeds/lang2.php?t=#######################
- DNS ASK or###file.com
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\mssql\mssql60.dll",DllRegisterServer' (with hidden window)
- '<SYSTEM32>\rundll32.exe' "%ALLUSERSPROFILE%\mssql\mssql60.dll",DllRegisterServer