Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\F4f.js
- %TEMP%\f4f.js
- http://hw###.6pnc3461.ink/?1/
- DNS ASK hw###.6pnc3461.ink
- DNS ASK cl###flare.com
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p IPUIN="%TNQD:GTeA=%%98O8:BKIRO=/%" 0<nul 1>%TEMP%\F4f%ODC%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\F4f%ODC%s"
- '<SYSTEM32>\cmd.exe'