Technical Information
- %WINDIR%\tasks\drdoal.job
- <SYSTEM32>\tasks\drdoal
- %ALLUSERSPROFILE%\fbwsp\drdoal.exe
- '31.#4.185.6':4001
- 'mi#####stefensson.com':80
- http://mi#####stefensson.com/supd/s.exe
- '31.#4.185.6':4001
- DNS ASK mi#####stefensson.com
- '%ALLUSERSPROFILE%\fbwsp\drdoal.exe' start
- '%ALLUSERSPROFILE%\fbwsp\drdoal.exe' start' (with hidden window)