Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\Sft.js
- %TEMP%\sft.js
- http://9f####.a87eenjs.xyz/?1/
- DNS ASK 9f####.a87eenjs.xyz
- DNS ASK cl###flare.com
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p RNT6Y="%OSSQ:lVcE=%%X0F6:DPWDH=/%" 0<nul 1>%TEMP%\Sft%RLZ%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\Sft%RLZ%s"
- '<SYSTEM32>\cmd.exe'