Technical Information
- %WINDIR%\syswow64\mstsc.exe
- nul
- 'be########ho2oud8ohh.closeyour.fun':443
- DNS ASK be########ho2oud8ohh.closeyour.fun
- '%WINDIR%\syswow64\mstsc.exe'
- '%WINDIR%\syswow64\cmd.exe' /C timeout 120 > Nul & Del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 120