Technical Information
- [<HKLM>\System\CurrentControlSet\Control\Session Manager\AppCertDlls] 'mounexec' = '<SYSTEM32>\ddodling.dll'
- iexplore.exe
- iexplore.exe process, wininet.dll module
- iexplore.exe process, urlmon.dll module
- %WINDIR%\syswow64\ddodling.dll
- <Current directory>\abcdefg.bat
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\abcdefg.bat" "<Full path to file>""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\abcdefg.bat" "<Full path to file>""