Technical Information
- https://www.so##um.org/files/download/defender-control/defendercontrol.zip, saved locally as %programfiles%\defender.zip
- %TEMP%\25c8.tmp\25c9.tmp\25ca.bat
- %APPDATA%\wellyouaredoomed.exe
- %WINDIR%\ime\imepp\def.exe
- %TEMP%\62e7.tmp\62e8.tmp\62e9.bat
- nul
- %TEMP%\62e7.tmp\62e8.tmp\62e9.bat
- 'cd#.##scordapp.com':443
- 'so##um.org':443
- 'cd#.##scordapp.com':443
- 'so##um.org':443
- DNS ASK cd#.##scordapp.com
- DNS ASK so##um.org
- '%APPDATA%\wellyouaredoomed.exe'
- '%WINDIR%\ime\imepp\def.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\25C8.tmp\25C9.tmp\25CA.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\62E7.tmp\62E8.tmp\62E9.bat %WINDIR%\IME\IMEPP\def.exe" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\25C8.tmp\25C9.tmp\25CA.bat <Full path to file>"
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\62E7.tmp\62E8.tmp\62E9.bat %WINDIR%\IME\IMEPP\def.exe"
- '<SYSTEM32>\ping.exe' localhost -n 2