Technical Information
- '<SYSTEM32>\wscript.exe' C:\Users\Public\QJB.js
- C:\users\public\qjb.js
- http://bw###.#n01jmcc0ar.fun/?1/
- DNS ASK bw###.#n01jmcc0ar.fun
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p TK3DO="%QSJGC:H3Ec=%%LYDS:LEYRG=/%" 0<nul 1>C:\Users\Public\QJB%EYYB%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo StArt <SYSTEM32>\wsCript.eXe C:\Users\Public\QJB%EYYB%s"
- '<SYSTEM32>\cmd.exe'