Technical Information
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Startup protocol" /rl highest /tr "'%ProgramFiles%\command\netsvkrnl.exe' /startup" /f
- <SYSTEM32>\cmd.exe
- %ProgramFiles%\command\netsvkrnl.exe
- 'z.###record.xyz':50604
- 'a.##mx.xyz':50604
- DNS ASK z.###record.xyz
- DNS ASK a.##mx.xyz