Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\Hy3.js
- %TEMP%\hy3.js
- http://r6####.j6eimz820.online/?1/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK r6####.j6eimz820.online
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p K5V0G="%MPQI:TReo=%%GD7W:ZMWUR=/%" 0<nul 1>%TEMP%\Hy3%KAK%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\Hy3%KAK%s"
- '<SYSTEM32>\cmd.exe'