Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\7i29Ln.js
- nul
- %TEMP%\7i29ln.js
- http://fm#######8d.sitergostf.monster/?8/
- DNS ASK fm#######8d.sitergostf.monster
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 0WInxrj="%WKQ:IOQAI=%%FKcvh6g:1BBQV=/%" 0<nul 1>%TEMP%\7i29Ln%ybok%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\7i29Ln%ybok%s"
- '<SYSTEM32>\cmd.exe'