Technical Information
- '%WINDIR%\explorer.exe' /e,/start,%TEMP%\d7hiiqq.js
- %TEMP%\d7hiiqq.js
- 'ho##########4689.matandimumews.workers.dev':443
- DNS ASK ho##########4689.matandimumews.workers.dev
- '<SYSTEM32>\wscript.exe' "%TEMP%\d7hiiqq.js"
- '<SYSTEM32>\wscript.exe' "%TEMP%\d7hiiqq.js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" EcHO %LSSKqii:Z23=%%9hhIEEO:;X=/% 1>%TEMP%\d7hiiqq.js"
- '<SYSTEM32>\cmd.exe' /S /D /c" exit"