Technical Information
- %WINDIR%\syswow64\rundll32.exe
- %WINDIR%\temp\abc.vbs
- %WINDIR%\temp\tmp.js
- http://12#.#6.146.237/MNmT
- http://12#.#6.146.237/visit.js
- '%WINDIR%\syswow64\cscript.exe' /Nologo %WINDIR%\Temp\abc.vbs
- '%WINDIR%\syswow64\wscript.exe' %WINDIR%\Temp\tmp.js
- '%WINDIR%\syswow64\cscript.exe' /Nologo %WINDIR%\Temp\abc.vbs (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' %WINDIR%\Temp\tmp.js (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe'