Technical Information
- %WINDIR%\tasks\dctooux.job
- C:\Documents\user\locals~1\temp\154561dcbf\dctooux.exe
- %APPDATA%\810b84e2bfa3a9\cred.dll
- 'to####echeats.dev':80
- http://to####echeats.dev/j4Fvskd3/Plugins/cred.dll
- http://to####echeats.dev/j4Fvskd3/index.php
- DNS ASK to####echeats.dev
- 'C:\Documents\user\locals~1\temp\154561dcbf\dctooux.exe'
- 'C:\Documents\user\locals~1\temp\154561dcbf\dctooux.exe' (with hidden window)