Technical Information
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\bZp.js"
- C:\users\public\bzp.js
- http://bw###.#n01jmcc0ar.fun/?7/
- DNS ASK bw###.#n01jmcc0ar.fun
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p GSWNK="%CRXQO:g8Vd=%%86VF:MNJNX=/%" 0<nul 1>C:\Users\Public\bZp%BHYP%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\bZp%BHYP%s"
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\bZp.js