Technical Information
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\cT9.js"
- C:\users\public\ct9.js
- http://bw###.#n01jmcc0ar.fun/?7/
- DNS ASK bw###.#n01jmcc0ar.fun
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 2A3W9="%AYCDV:QDjS=%%XXS7:LMEBM=/%" 0<nul 1>C:\Users\Public\cT9%ZTFI%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" start cmd /c start C:\Users\Public\cT9%ZTFI%s"
- '<SYSTEM32>\cmd.exe' /c start C:\Users\Public\cT9.js