Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\0Ji8lhF.js
- %TEMP%\0ji8lhf.js
- nul
- http://be###.vcfmy.buzz/?02#
- DNS ASK be###.vcfmy.buzz
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 8q9Lm2h="%OPD:ILCUN=%%5i9Hvjh:1QLJK=/%" 0<nul 1>%TEMP%\0Ji8lhF%yssg%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\0Ji8lhF%yssg%s"
- '<SYSTEM32>\cmd.exe'