Technical Information
- https://nc.nl.tab.digital/s/qgetnynmlodgxny/download as %appdata%\microsoft\windows\start menu\programs\startup\windows security essential.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %TEMP%\512b.tmp\512c.tmp\512d.bat
- %TEMP%\512b.tmp\512c.tmp\512d.bat
- 'nc.##.tab.digital':443
- 'nc.##.tab.digital':443
- DNS ASK nc.##.tab.digital
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\512B.tmp\512C.tmp\512D.bat %WINDIR%\Microsoft.NET\Framework\v4.0.30319\regasm.exe"' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\512B.tmp\512C.tmp\512D.bat %WINDIR%\Microsoft.NET\Framework\v4.0.30319\regasm.exe"