Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\skk.js
- %TEMP%\skk.js
- http://e9####.#y2eqrpl4seg.online/?1/
- DNS ASK e9####.#y2eqrpl4seg.online
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p X5INZ="%LVNCY:I7QY=%%NETR:JFYCB=/%" 0<nul 1>%TEMP%\skk%GINO%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo StArt <SYSTEM32>\wsCript.eXe %TEMP%\skk%GINO%s"
- '<SYSTEM32>\cmd.exe'