Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\2Hmhh8F.js
- nul
- %TEMP%\2hmhh8f.js
- http://ta######re.sitergostf.xyz/?8/
- DNS ASK ta######re.sitergostf.xyz
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 6idLm2l="%TUB:IHQTH=%%xh6edHx:1RNEE=/%" 0<nul 1>%TEMP%\2Hmhh8F%ycmp%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo stArt <SYSTEM32>\wsCript.eXe %TEMP%\2Hmhh8F%ycmp%s"
- '<SYSTEM32>\cmd.exe'