Technical Information
- https://www.so##um.org/files/download/defender-control/defendercontrol.zip saved as %programfiles%\defender.zip
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: 'RegmonClass', WindowName: ''
- %WINDIR%\ime\imepp\def.exe
- %TEMP%\35a.tmp\36a.tmp\36b.bat
- nul
- %TEMP%\35a.tmp\36a.tmp\36b.bat
- 'cd#.##scordapp.com':443
- 'so##um.org':443
- 'cd#.##scordapp.com':443
- 'so##um.org':443
- DNS ASK cd#.##scordapp.com
- DNS ASK so##um.org
- ClassName: 'File Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: 'Process Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: 'Registry Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: '18467-41', WindowName: ''
- '%WINDIR%\ime\imepp\def.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\35A.tmp\36A.tmp\36B.bat %WINDIR%\IME\IMEPP\def.exe" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\35A.tmp\36A.tmp\36B.bat %WINDIR%\IME\IMEPP\def.exe"
- '<SYSTEM32>\ping.exe' localhost -n 2