Technical Information
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\mntbkguvru.js"
- %WINDIR%\temp\mntbkguvru.js
- http://oc##.##firmtrust.com/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT0%2BTgTFBdhtTlPitmk9uxWI9jHdQQUnZPGU4teyq8%2Fnx4P5ZmVvCT2lI8CCEDwu6qK4MCY
- http://oc##.##firmtrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtMhZQYpqo2xxcFXSxtJGrbVcLygQU2%2B9lNwvlR8s10ZAfA8G8iMen6oACEBkwpJRkYyXJAAAAAFgIB8w%3D
- DNS ASK tr###micro.com
- DNS ASK oc##.##firmtrust.com
- DNS ASK da###esuib.com