Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\mi0.js
- %TEMP%\mi0.js
- http://6c###.grtmlx.store/?1/
- DNS ASK 6c###.grtmlx.store
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p WUS60="%PVAZ:WaY8=%%CILK:GNUWK=/%" 0<nul 1>%TEMP%\mi0%CLZ%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\mi0%CLZ%s"
- '<SYSTEM32>\cmd.exe'