Technical Information
- '%WINDIR%\explorer.exe' /c, %TEMP%\Fb5e9Lc.js
- %TEMP%\fb5e9lc.js
- 'public-trust.com':80
- 'nw#####3a0t.2w9nwsir.cf':443
- DNS ASK nw#####3a0t.2w9nwsir.cf
- DNS ASK public-trust.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\Fb5e9Lc.js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\Fb5e9Lc.js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" sET/p Lnv2g6I="%FQZ:XXDOXP=%%6u0Ubxs:TIQTP=/%" 0<nul 1>%TEMP%\Fb5e9Lc.js 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" CAll %QNU:FTDRQ=% %TEMP%\Fb5e9Lc.js 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" exiT"