Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\Jat.js
- %TEMP%\jat.js
- http://5w####.#hcco980m1zy9.org/?1/
- DNS ASK 5w####.#hcco980m1zy9.org
- DNS ASK cl###flare.com
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 00JB1="%WMUK:gBqc=%%0HP1:YHUGZ=/%" 0<nul 1>%TEMP%\Jat%MRF%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\Jat%MRF%s"
- '<SYSTEM32>\cmd.exe'