Technical Information
- '%WINDIR%\explorer.exe' /c, %TEMP%\8iEcf7e.jS
- %TEMP%\8iecf7e.js
- 'public-trust.com':80
- DNS ASK 67#########xo0da.a024c3d64bf498.site
- DNS ASK public-trust.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\8iEcf7e.Js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\8iEcf7e.Js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" sET/p 9Oqzjfh="%LJS:ZHEG=%%Jcij6e8:OGM=/%" 0<nul 1>%TEMP%\8iEcf7e.Js 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" CAll %OIY:ENCR=% %TEMP%\8iEcf7e.jS 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" exiT"