Technical Information
- %WINDIR%\Tasks\StateBinDLL.job
- %WINDIR%\microhost.dll
- %TEMP%\7ZipSfx.000\a_00
- %TEMP%\7ZipSfx.000\dll.cmd
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\microhost.dll",updates
- '<SYSTEM32>\schtasks.exe' /Delete /tn StateBinDLL /f
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 7 /RU "SYSTEM" /TN StateBinDLL /TR "rundll32.exe """%WINDIR%\microhost.dll""",updates"
- '<SYSTEM32>\cmd.exe' /S /D /c" ver "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\dll.cmd" "
- '<SYSTEM32>\schtasks.exe' /end /tn StateBinDLL
- '<SYSTEM32>\find.exe' "Microsoft Windows XP"