Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\aCr.js
- %TEMP%\acr.js
- http://7g####.g4sxogpsx.fun/?1/
- DNS ASK 7g####.g4sxogpsx.fun
- DNS ASK cl###flare.com
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p QYDQ6="%KUXH:uEIn=%%5UTD:CUJJA=/%" 0<nul 1>%TEMP%\aCr%KMK%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\aCr%KMK%s"
- '<SYSTEM32>\cmd.exe'