Technical Information
- '%WINDIR%\explorer.exe' /c, %TEMP%\hqll233.jS
- %TEMP%\hqll233.js
- DNS ASK lo#########50.8u22d3b0n41r.workers.dev
- '<SYSTEM32>\wscript.exe' "%TEMP%\hqll233.Js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\hqll233.Js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" seT/p _HHKKqqn="%FMA:DGGZ=%%OLLSSFF:XXI=/%" 0<nul 1>%TEMP%\hqll233.Js 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" call %FUY:NQAA=% %TEMP%\hqll233.jS 2>&1"
- '<SYSTEM32>\cmd.exe' /S /D /c" exiT"