Technical Information
- %TEMP%\restart.bat
- nul
- %ProgramFiles%\xcoco.ini
- %TEMP%\dcbgojb.exe
- from <Full path to file> to <Current directory>\lugnqqqk.exe
- 'go###.#ulong2019.com':80
- http://go###.#ulong2019.com/kss_io/io.php?v=################################################
- DNS ASK go###.#ulong2019.com
- ClassName: 'ThunderRT6FormDC' WindowName: 'Íâ¹ÒÎÞ¼äµÀ'
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%TEMP%\dcbgojb.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\Restart.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\Restart.bat
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 1