Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\m3l.js
- %TEMP%\m3l.js
- http://bs####.3r6ei9bz.xyz/?1/
- DNS ASK bs####.3r6ei9bz.xyz
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p U2LQE="%QXGH:OG6r=%%RBUE:EXYRH=/%" 0<nul 1>%TEMP%\m3l%CSO%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\m3l%CSO%s"
- '<SYSTEM32>\cmd.exe'