Technical Information
- '<SYSTEM32>\wscript.exe' C:\Users\Public\JOw.js
- C:\users\public\jow.js
- http://bw###.#n01jmcc0ar.fun/?1/
- DNS ASK bw###.#n01jmcc0ar.fun
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 50NB6="%DVATD:txUn=%%0BZG:WRLND=/%" 0<nul 1>C:\Users\Public\JOw%NLIH%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo StArt <SYSTEM32>\wsCript.eXe C:\Users\Public\JOw%NLIH%s"
- '<SYSTEM32>\cmd.exe'