Technical Information
- '<SYSTEM32>\wscript.exe' %TEMP%\SaF.js
- %TEMP%\saf.js
- http://gw###.#gya4sylgbt.uno/?1/
- DNS ASK gw###.#gya4sylgbt.uno
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p FQOK2="%XMDPA:gjCm=%%YWO6:BDSPC=/%" 0<nul 1>%TEMP%\SaF%WCFP%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo StArt <SYSTEM32>\wsCript.eXe %TEMP%\SaF%WCFP%s"
- '<SYSTEM32>\cmd.exe'